[Google Chrome] Ständige Popups (Spyware, FreeScan) und Verlinkungen in allen Textpassagen

royc · 30.03.2014, 20:28

Hallo zusammen,

sein einigen Tagen habe ich ein Problem mit meinem Chrome-Browser. In jeder Textpassage sind scheinbar zufällige Wörter grün markiert und verlinkt. Ich habe das mal beispielhaft mit einem Screenshot festgehalten.
Name: SpywareFreeScan_Chrome.jpg
Hits: 1751
Größe: 76,6 KB

Ein weiteres Problem ist, dass ich scheinbar ab und an falsch verlinkt werde. Ab und an klicke ich auf einen Link innerhalb einer Seite (z.B. auf Amazon.de) und lande dann auf einmal auf einer Werbeseite. (Ich glaube es war stake7.com, irgendetwas mit merkurcasino oder so)

Hier http://www.trojaner-board.de/151704-...s-verseht.html scheint das gleiche Problem vorzuliegen, daher war ich schon mal so frei und habe mir das Tool Farbar Recovery Scan Tool FRST64 runtergeladen und ausgeführt. Die Logs sind anbei.
Ich hoffe mir kann jemand bei diesem Problem helfen.

Viele Dank schonmal und Gruß,
Roy

Addition.txt:
Anhang 65849

FRST.txt
Anhang 65850

sunjojo · 30.03.2014, 21:27

Hallo royc,

mein Name ist Jonas und ich werde dir bei deiner Bereinigung helfen. Diese kann mit viel Arbeit für dich verbunden sein. Bevor wir anfangen können, lies bitte die Bereinigungsregeln und Hinweise:

Regeln zum Ablauf der Bereinigung

Arbeite die Anleitungen und Schritte sorgfältig und nacheinander ab.
Wenn du etwas nicht verstehst oder du dir unsicher bist, frage nach und schildere das Problem, so gut es geht. Handle nicht auf eigene Faust.
- Die Ausführung diverser Bereinigungsprogramme (mit Scripts aus anderen Threads) können dein Betriebssystem zerschießen!
Die Bereinigung eines Rechners in verschiedenen Foren zur selben Zeit ist verboten (Crossposting).

Installiere oder deinstalliere keine zusätzlichen Programme, lösche keine Dateien und führe nicht selbstständig Systemupdates durch.

Die Symptome können verschwunden sein, jedoch bedeutet das Verschwinden von äußeren Merkmalen einer Infektion nicht, dass du wieder clean bist.
- Ich werde dir ein eindeutiges Clean geben, solange arbeite bitte mit.

Hinweise

Ich kann dir nie eine Garantie geben, dass alles entfernt wurde. Die Formatierung der Festplatte und das Neuinstallieren deines Betriebssystems ist immer sicherer und meistens schneller.

Die von uns benutzten Programme erstellen meist ein Ergebnisprotokoll (Logfile genannt). Bitte füge alle von mir in einem Schritt geforderten Logfiles in einer Antwort/einem Post ein.
- http://www.trojaner-board.de/137229-...code-tags.html; Falls das Logfile zu groß für einen Post ist, teile es in zwei/mehrere Posts.

Wenn du alles gelesen hast, kann es losgehen. Bitte speichere alle Programme auf dem Desktop und führe sie von dort aus.

Bitte poste die Logfiles direkt hier in deinen Thread. Wenn diese zu groß sind für einen Post, einfach auf mehrere aufteilen

.

royc · 30.03.2014, 22:50

Hallo Jonas,

vielen Dank für deine Hilfe. Hier nun meine Logfiles:

FRST Logfile:

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014
Ran by Michael (administrator) on MICHAEL-LENOVO on 30-03-2014 21:03:35
Running from C:\Users\Michael\Desktop
Windows 7 Professional Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\windows\system32\nvvsvc.exe
(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\windows\system32\nvvsvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe
(Juniper Networks) C:\Program Files (x86)\Juniper Networks\Common Files\dsNcService.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\EngineServer.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\VirusScan Enterprise\VsTskMgr.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\Common Framework\naPrdMgr.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
(McAfee, Inc.) C:\windows\system32\mfevtps.exe
() C:\windows\SysWOW64\PnkBstrA.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(McAfee, Inc.) C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\McShield.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\mfeann.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Lenovo (Beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\utility.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\ipoint.exe
(Microsoft Corporation) C:\Windows\WindowsMobile\wmdc.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
() C:\Program Files (x86)\RocketDock\RocketDock.exe
(Akamai Technologies, Inc.) C:\Users\Michael\AppData\Local\Akamai\netsession_win.exe
(Samsung) C:\Program Files (x86)\Samsung\Kies\Kies.exe
() C:\Users\Michael\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe
(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
() C:\Program Files\Rainmeter\Rainmeter.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\Common Framework\UdaterUI.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\VirusScan Enterprise\shstat.exe
(CyberLink) C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe
(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
() C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
(CANON INC.) C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
() C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeySupport.exe
(Akamai Technologies, Inc.) C:\Users\Michael\AppData\Local\Akamai\netsession_win.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Realtek Semiconductor Corp.) C:\Program Files\Realtek\RtLED\RtLEDService.exe
(Realtek Semiconductor Corp.) C:\Program Files\Realtek\RtLED\RtLED.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
() C:\Program Files (x86)\Re-markit Corp\Re-markit158.exe
() C:\Program Files (x86)\Re-markit Corp\Re-markit_wd.exe
(Cherished Technololgy LIMITED) C:\ProgramData\WPM\wprotectmanager.exe
(Cherished Technololgy LIMITED) C:\ProgramData\IePluginService\PluginService.exe
(Google Inc.) C:\Users\Michael\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Michael\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Michael\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Michael\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Michael\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Michael\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Michael\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Michael\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Michael\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Michael\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Michael\AppData\Local\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) c:\program files\windows defender\MpCmdRun.exe
(Google Inc.) C:\Users\Michael\AppData\Local\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11697768 2010-12-14] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2538280 2010-12-22] (Synaptics Incorporated)
HKLM\...\Run: [Lenovo EE Boot Optimizer] - C:\Program Files (x86)\Lenovo\Boot Optimizer\PopWnd.exe [114688 2011-08-21] (Lenovo)
HKLM\...\Run: [OnekeyStudio] - C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe [789920 2011-08-21] (Lenovo)
HKLM\...\Run: [UpdatePRCShortCut] - C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe [222504 2009-05-13] (CyberLink Corp.)
HKLM\...\Run: [Energy Management] - C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [9769888 2011-08-21] (Lenovo (Beijing) Limited)
HKLM\...\Run: [EnergyUtility] - C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe [5908928 2011-08-21] (Lenovo(beijing) Limited)
HKLM\...\Run: [IntelliPoint] - c:\Program Files\Microsoft IntelliPoint\ipoint.exe [2417032 2011-08-01] (Microsoft Corporation)
HKLM\...\Run: [Windows Mobile Device Center] - C:\Windows\WindowsMobile\wmdc.exe [660360 2007-05-31] (Microsoft Corporation)
HKLM-x32\...\Run: [UpdatePRCShortCut] - C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe [222504 2009-05-13] (CyberLink Corp.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [McAfeeUpdaterUI] - C:\Program Files (x86)\McAfee\Common Framework\udaterui.exe [136512 2009-01-16] (McAfee, Inc.)
HKLM-x32\...\Run: [ShStatEXE] - C:\Program Files (x86)\McAfee\VirusScan Enterprise\SHSTAT.EXE [124240 2009-04-29] (McAfee, Inc.)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59240 2012-02-20] (Apple Inc.)
HKLM-x32\...\Run: [ArcSoft Connection Service] - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [207424 2010-10-27] (ArcSoft Inc.)
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2010-11-29] (Apple Inc.)
HKLM-x32\...\Run: [DivXMediaServer] - C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [450560 2013-03-28] (DivX, LLC)
HKLM-x32\...\Run: [DivXUpdate] - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1263952 2013-02-13] ()
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
HKLM-x32\...\Run: [KiesTrayAgent] - C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [311152 2013-11-06] (Samsung Electronics Co., Ltd.)
HKLM-x32\...\Run: [CanonQuickMenu] - C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE [1273448 2012-04-03] (CANON INC.)
HKLM-x32\...\Run: [IJNetworkScannerSelectorEX] - C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [449168 2012-03-26] (CANON INC.)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-977804215-3240316584-965802034-1002\...\Run: [RocketDock] - C:\Program Files (x86)\RocketDock\RocketDock.exe [495616 2007-09-02] ()
HKU\S-1-5-21-977804215-3240316584-965802034-1002\...\Run: [DAEMON Tools Lite] - C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3477312 2012-01-19] (DT Soft Ltd)
HKU\S-1-5-21-977804215-3240316584-965802034-1002\...\Run: [Google Update] - C:\Users\Michael\AppData\Local\Google\Update\GoogleUpdate.exe [136176 2012-02-02] (Google Inc.)
HKU\S-1-5-21-977804215-3240316584-965802034-1002\...\Run: [Akamai NetSession Interface] - C:\Users\Michael\AppData\Local\Akamai\netsession_win.exe [4489472 2013-06-05] (Akamai Technologies, Inc.)
HKU\S-1-5-21-977804215-3240316584-965802034-1002\...\Run: [KiesPreload] - C:\Program Files (x86)\Samsung\Kies\Kies.exe [1564528 2013-11-06] (Samsung)
HKU\S-1-5-21-977804215-3240316584-965802034-1002\...\Run: [KiesAirMessage] - C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup
HKU\S-1-5-21-977804215-3240316584-965802034-1002\...\Run: [] - C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [845168 2013-11-06] (Samsung)
HKU\S-1-5-21-977804215-3240316584-965802034-1002\...\Run: [AmazonMP3DownloaderHelper] - C:\Users\Michael\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe [400704 2013-05-22] ()
AppInit_DLLs: C:\PROGRA~2\SupTab\SEARCH~2.DLL => C:\Program Files (x86)\SupTab\SearchProtect64.dll [96768 2014-03-05] (Skytech Co., Ltd.)
AppInit_DLLs-x32: C:\PROGRA~2\SupTab\SEARCH~1.DLL => C:\Program Files (x86)\SupTab\SearchProtect32.dll [85504 2014-03-05] (Skytech Co., Ltd.)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

ProxyEnable: Internet Explorer proxy is enabled.
ProxyServer: http=127.0.0.1:13828
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://istart.webssearches.com/?type=hp&ts=1396204090&from=tugs&uid=WDCXWD7500BPVT-24HXZT1_WD-WXA1E51YE810YE810
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://istart.webssearches.com/?type=hp&ts=1396204090&from=tugs&uid=WDCXWD7500BPVT-24HXZT1_WD-WXA1E51YE810YE810
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1396204090&from=tugs&uid=WDCXWD7500BPVT-24HXZT1_WD-WXA1E51YE810YE810&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://istart.webssearches.com/?type=hp&ts=1396204090&from=tugs&uid=WDCXWD7500BPVT-24HXZT1_WD-WXA1E51YE810YE810
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://istart.webssearches.com/?type=hp&ts=1396204090&from=tugs&uid=WDCXWD7500BPVT-24HXZT1_WD-WXA1E51YE810YE810
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://istart.webssearches.com/web/?type=ds&ts=1396204090&from=tugs&uid=WDCXWD7500BPVT-24HXZT1_WD-WXA1E51YE810YE810&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com/
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1396204090&from=tugs&uid=WDCXWD7500BPVT-24HXZT1_WD-WXA1E51YE810YE810&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://istart.webssearches.com/?type=hp&ts=1396204090&from=tugs&uid=WDCXWD7500BPVT-24HXZT1_WD-WXA1E51YE810YE810
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://istart.webssearches.com/?type=hp&ts=1396204090&from=tugs&uid=WDCXWD7500BPVT-24HXZT1_WD-WXA1E51YE810YE810
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://istart.webssearches.com/web/?type=ds&ts=1396204090&from=tugs&uid=WDCXWD7500BPVT-24HXZT1_WD-WXA1E51YE810YE810&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com/
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe hxxp://istart.webssearches.com/?type=sc&ts=1396204090&from=tugs&uid=WDCXWD7500BPVT-24HXZT1_WD-WXA1E51YE810YE810
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1396204090&from=tugs&uid=WDCXWD7500BPVT-24HXZT1_WD-WXA1E51YE810YE810&q={searchTerms}
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1396204090&from=tugs&uid=WDCXWD7500BPVT-24HXZT1_WD-WXA1E51YE810YE810&q={searchTerms}
SearchScopes: HKLM-x32 - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1396204090&from=tugs&uid=WDCXWD7500BPVT-24HXZT1_WD-WXA1E51YE810YE810&q={searchTerms}
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1396204090&from=tugs&uid=WDCXWD7500BPVT-24HXZT1_WD-WXA1E51YE810YE810&q={searchTerms}
SearchScopes: HKCU - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1396204090&from=tugs&uid=WDCXWD7500BPVT-24HXZT1_WD-WXA1E51YE810YE810&q={searchTerms}
SearchScopes: HKCU - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1396204090&from=tugs&uid=WDCXWD7500BPVT-24HXZT1_WD-WXA1E51YE810YE810&q={searchTerms}
SearchScopes: HKCU - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7LENN
BHO: HQVid8 - {11111111-1111-1111-1111-110511311172} - C:\Program Files (x86)\HQVid8\HQVid8-bho64.dll (High-QualityV8)
BHO: MediaPlayerplus - {11111111-1111-1111-1111-110511421146} - C:\Program Files (x86)\MediaPlayerplus\MediaPlayerplus-bho64.dll (Freeven)
BHO: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\addon64\ewpexbho.dll (CANON INC.)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\scriptsn.dll (McAfee, Inc.)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: ExplorerWatcher Class - {F8A6CAA2-533D-4AED-9E05-8EB19A4021AB} - C:\Program Files (x86)\Clover\TabHelper64.dll (EJIE Technology)
BHO-x32: HQVid8 - {11111111-1111-1111-1111-110511311172} - C:\Program Files (x86)\HQVid8\HQVid8-bho.dll (High-QualityV8)
BHO-x32: MediaPlayerplus - {11111111-1111-1111-1111-110511421146} - C:\Program Files (x86)\MediaPlayerplus\MediaPlayerplus-bho.dll (Freeven)
BHO-x32: DivX Plus Web Player HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
BHO-x32: IETabPage Class - {3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} - C:\Program Files (x86)\SupTab\SupTab.dll (Thinknice Co. Limited)
BHO-x32: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\McAfee\VirusScan Enterprise\scriptsn.dll (McAfee, Inc.)
BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\addon64\ewpexhlp.dll (CANON INC.)
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
DPF: HKLM {AA570693-00E2-4907-B6F1-60A1199B030C} https://juniper.net/dana-cached/sc/JuniperSetupClient64.cab
DPF: HKLM-x32 {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://juniper.net/dana-cached/sc/JuniperSetupClient.cab
Handler: fluxhttp\0x00000007 - {8E2D00A0-82C6-4821-90BC-07F290841BB6} -  No File
Handler: x-owacid - {0215258f-f0a8-49de-bf1b-0ff02eda8807} -  No File
Handler-x32: fluxhttp\0x00000007 - {8E2D00A0-82C6-4821-90BC-07F290841BB6} - C:\Program Files (x86)\Common Files\fluxDVD\Lib\XEB\xebnavigation.ax (ACE GmbH)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Handler-x32: x-owacid - {0215258f-f0a8-49de-bf1b-0ff02eda8807} - C:\Program Files (x86)\Microsoft\Outlook Web Access SMIME Client\mimectl.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\wdhq29yd.default
FF user.js: detected! => C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\wdhq29yd.default\user.js
FF NewTab: hxxp://istart.webssearches.com/newtab/?type=nt&ts=1396204090&from=tugs&uid=WDCXWD7500BPVT-24HXZT1_WD-WXA1E51YE810YE810
FF DefaultSearchEngine: webssearches
FF SelectedSearchEngine: webssearches
FF Homepage: hxxp://istart.webssearches.com/?type=hp&ts=1396204090&from=tugs&uid=WDCXWD7500BPVT-24HXZT1_WD-WXA1E51YE810YE810
FF NetworkProxy: "autoconfig_url", "data:text/javascript,function%20FindProxyForURL(url%2C%20host)%20%7Bif%20(shExpMatch(url%2C%20'http%3A%2F%2Fpiki.fm*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fpiki.fm*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Faccount.beatsmusic.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.beatsmusic.com*')%20%7C%7C%20host%20%3D%3D%20'www.pandora.com'%20%7C%7C%20url.indexOf('southparkstudios.com')%20!%3D%20-1%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fplay.spotify.com*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fplay.spotify.com*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fwww.spotify.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.spotify.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fgrooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fretro.grooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fhtml5.grooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Flisten.grooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.grooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fpreview.grooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.funimation.com*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fsecure.funimation.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.iheart.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.last.fm*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fext.last.fm*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fwww.daisuki.net*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fsongza.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fnew.songza.com*')%20%7C%7C%20url.indexOf('play.google.com')%20!%3D%20-1%20%7C%7C%20(url.indexOf('youtube.com%2Fvideoplayback')%20!%3D%20-1%20%26%26%20url.indexOf('%26gcr%3Dus')%20!%3D%20-1%20%26%26%20url.indexOf('%26ptchn')%20!%3D%20-1)%20%7C%7C%20url.indexOf('vevo.com')%20!%3D%20-1%20%7C%7C%20url.indexOf('discoverymedia.com')%20!%3D%20-1%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fdsc.discovery.com%2F*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.crunchyroll.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.mtv.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fmedia.mtvnservices.com*')%20%7C%7C%20(url.indexOf('proxmate%3Dactive')%20!%3D%20-1%20%26%26%20url.indexOf('amazonaws.com')%20%3D%3D%20-1)%20%7C%7C%20(url.indexOf('proxmate%3Dus')%20!%3D%20-1)%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.rdio.com*')%20%7C%7C%20host%20%3D%3D%20's.hulu.com')%20%7B%20return%20'PROXY%20nq-us09.personalitycores.com%3A8000%3B%20PROXY%20nq-us07.personalitycores.com%3A8000%3B%20PROXY%20nq-us06.personalitycores.com%3A8000%3B%20PROXY%20nq-us05.personalitycores.com%3A8000%3B%20PROXY%20nq-us04.personalitycores.com%3A8000%3B%20PROXY%20nq-us12.personalitycores.com%3A8000%3B%20PROXY%20nq-us08.personalitycores.com%3A8000%3B%20PROXY%20nq-us10.personalitycores.com%3A8000%3B%20PROXY%20nq-us11.personalitycores.com%3A8000'%3B%7D%20%20else%20%7B%20return%20'DIRECT'%3B%20%7D%7D"
FF Plugin: @adobe.com/FlashPlayer - C:\windows\system32\Macromed\Flash\NPSWF64_12_0_0_77.dll ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin: @java.com/DTPlugin,version=10.13.2 - C:\windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.13.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\windows\SysWOW64\Adobe\Director\np32dsw_1209149.dll (Adobe Systems, Inc.)
FF Plugin-x32: @divx.com/DivX Plus Web Player Plug-In,version=1.0.0 - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: @fluxdvd.com/NPWMDRMWrapper - C:\Program Files (x86)\Videoload Manager\NPWMDRMWrapper.dll ( )
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 - C:\windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @protectdisc.com/NPMPDRM - C:\Program Files (x86)\Common Files\mpDRM\NPMPDRM.dll ( )
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.2 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Michael\AppData\Local\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Michael\AppData\Local\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\Michael\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin HKCU: amazon.com/AmazonMP3DownloaderPlugin - C:\Users\Michael\AppData\Local\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10181.dll (Amazon.com, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.)
FF SearchPlugin: C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\wdhq29yd.default\searchplugins\11-suche.xml
FF SearchPlugin: C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\wdhq29yd.default\searchplugins\englische-ergebnisse.xml
FF SearchPlugin: C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\wdhq29yd.default\searchplugins\gmx-suche.xml
FF SearchPlugin: C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\wdhq29yd.default\searchplugins\lastminute.xml
FF SearchPlugin: C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\wdhq29yd.default\searchplugins\webde-suche.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\webssearches.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: 20-20 3D Viewer - C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\wdhq29yd.default\Extensions\2020Player@2020Technologies.com [2011-09-27]
FF Extension: MediaPlayerplus - C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\wdhq29yd.default\Extensions\a9719e64-232b-4695-ae9c-a89cd7f2aa84@ca1279df-bc0d-44a8-97ef-19301c922b68.com [2014-03-30]
FF Extension: HQVid8 - C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\wdhq29yd.default\Extensions\ee5ad154-f909-4cc0-aa51-d7e94e3fb0af@36204afd-f43e-4917-9c71-8384e2e4d3ad.com [2014-03-30]
FF Extension: Illimitux - C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\wdhq29yd.default\Extensions\illimitux@illimitux.net [2011-09-27]
FF Extension: Quick Start - C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\wdhq29yd.default\Extensions\quick_start@gmail.com [2014-03-30]
FF Extension: Noia 2.0 (eXtreme) - C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\wdhq29yd.default\Extensions\{9f08cb5a-76b1-4bcf-aff9-90e1a5d60b1e} [2011-09-27]
FF Extension: SearchPreview - C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\wdhq29yd.default\Extensions\{EF522540-89F5-46b9-B6FE-1829E2B572C6} [2014-03-14]
FF Extension: New Tab King - C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\wdhq29yd.default\Extensions\{FC5BAC7D-D696-4ba6-B913-CF8F000C33DF} [2013-02-06]
FF Extension: gui:config - C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\wdhq29yd.default\Extensions\guiconfig@slosd.net.xpi [2011-09-27]
FF Extension: ProxMate - Proxy on steroids! - C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\wdhq29yd.default\Extensions\jid1-QpHD8URtZWJC2A@jetpack.xpi [2012-02-25]
FF Extension: Personas Plus - C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\wdhq29yd.default\Extensions\personas@christopher.beard.xpi [2013-03-12]
FF Extension: DVDVideoSoft YouTube MP3 and Video Download - C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\wdhq29yd.default\Extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi [2012-11-24]
FF Extension: Fasterfox - C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\wdhq29yd.default\Extensions\{c36177c0-224a-11da-8cd6-0800200c9a91}.xpi [2012-02-05]
FF Extension: Adblock Plus - C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\wdhq29yd.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2011-09-27]
FF Extension: DownThemAll! - C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\wdhq29yd.default\Extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi [2011-09-27]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2014-02-20]
FF HKLM-x32\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF Extension: DivX Plus Web Player HTML5 &lt;video&gt; - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2013-07-03]
FF HKLM-x32\...\Firefox\Extensions: [quick_start@gmail.com] - C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\wdhq29yd.default\extensions\quick_start@gmail.com
FF Extension: Quick Start - C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\wdhq29yd.default\extensions\quick_start@gmail.com [2014-03-30]
FF HKCU\...\Firefox\Extensions: [{5ae66703-77f8-4623-8c81-9ba769053c03}] - C:\Program Files (x86)\Re-markit Corp\158.xpi
FF Extension: Re-markit - C:\Program Files (x86)\Re-markit Corp\158.xpi [2014-03-30]
FF StartMenuInternet: FIREFOX.EXE - C:\Program Files (x86)\Mozilla Firefox\firefox.exe hxxp://istart.webssearches.com/?type=sc&ts=1396204090&from=tugs&uid=WDCXWD7500BPVT-24HXZT1_WD-WXA1E51YE810YE810

Chrome: 
=======
CHR HomePage: hxxp://www.chip.de/
CHR Plugin: (Shockwave Flash) - C:\Users\Michael\AppData\Local\Google\Chrome\Application\33.0.1750.154\PepperFlash\pepflashplayer.dll ()
CHR Extension: (Angry Birds) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj [2012-03-17]
CHR Extension: (Google Drive) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2012-03-17]
CHR Extension: (YouTube) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-03-12]
CHR Extension: (Adblock Plus) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2012-03-12]
CHR Extension: (Google-Suche) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-03-12]
CHR Extension: (Search by Image (by Google)) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\dajedkncpodkggklbegccjpmnglmnflm [2012-03-17]
CHR Extension: (Google Kalender) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn [2012-03-17]
CHR Extension: (Facebook Disconnect) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejpepffjfmamnambagiibghpglaidiec [2012-03-17]
CHR Extension: (CHIP Online) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhjmdobefakhdbfdpnnopoaldabldbgd [2012-03-17]
CHR Extension: (Hola Besseres Internet) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio [2013-05-12]
CHR Extension: (IE Tab) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\hehijbfgiekmjfkfjpbkbammjbdenadd [2012-03-17]
CHR Extension: (Crazy Chicken) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\hffidhkjaeimpicfoicgkhkokcbiaaka [2013-06-10]
CHR Extension: (InoReader Cloud Reader - News, Blogs, Video) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhglljfmpijadbpkalkclnhlncncdono [2013-06-10]
CHR Extension: (Disconnect) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\jeoacafpbcihiomhlakheieifhpjdfeo [2013-05-12]
CHR Extension: (Dailymotion) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\lekjhaoehikicbcgpdjkbhcdbhcgdkcp [2012-03-17]
CHR Extension: (Google Maps) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\lneaknkopdijkpnocmklfnjbeapigfbh [2012-03-24]
CHR Extension: (Ghostery) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij [2012-03-17]
CHR Extension: (ScrewAds - Block, Skip, Remove YouTube Ads) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmbnjoljpgkhiaicaejkdcjbfjknipnc [2012-03-12]
CHR Extension: (Download) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\nccjoeeljedbmkidebclpoabijggpbdp [2012-03-24]
CHR Extension: (Google Wallet) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-12]
CHR Extension: (Picasa) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\onlgmecjpnejhfeofkgbfgnmdlipdejb [2012-03-17]
CHR Extension: (Google Mail) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-03-12]
CHR HKLM-x32\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files (x86)\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx [2013-05-06]
CHR HKLM-x32\...\Chrome\Extension: [pelmeidfhdlhlbjimpabfcbnnojbboma] - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\newtabv3.crx [2014-03-30]
CHR StartMenuInternet: Google Chrome - C:\Users\Michael\AppData\Local\Google\Chrome\Application\chrome.exe hxxp://istart.webssearches.com/?type=sc&ts=1396204090&from=tugs&uid=WDCXWD7500BPVT-24HXZT1_WD-WXA1E51YE810YE810
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Services (Whitelisted) =================

R2 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
R2 btwdins; C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe [956192 2011-02-15] (Broadcom Corporation.)
R2 IePluginService; C:\ProgramData\IePluginService\PluginService.exe [515584 2014-03-17] (Cherished Technololgy LIMITED)
R2 McAfeeEngineService; C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\EngineServer.exe [19720 2009-04-29] (McAfee, Inc.)
R2 McAfeeFramework; C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe [103744 2009-01-16] (McAfee, Inc.)
R2 McShield; C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\McShield.exe [176872 2009-04-29] (McAfee, Inc.)
R2 McTaskManager; C:\Program Files (x86)\McAfee\VirusScan Enterprise\VsTskMgr.exe [62800 2009-04-29] (McAfee, Inc.)
R2 mfevtp; C:\windows\system32\mfevtps.exe [78992 2009-04-29] (McAfee, Inc.)
R2 PnkBstrA; C:\windows\SysWOW64\PnkBstrA.exe [75136 2011-09-30] ()
R2 Re-markit; C:\Program Files (x86)\Re-markit Corp\Re-markit158.exe [143360 2014-03-30] ()
R2 RtLedService; C:\Program Files\Realtek\RtLED\RtLEDService.exe [311296 2010-09-30] (Realtek Semiconductor Corp.)
R2 Wpm; C:\ProgramData\WPM\wprotectmanager.exe [496640 2014-03-30] (Cherished Technololgy LIMITED)

==================== Drivers (Whitelisted) ====================

S2 ASPI32; No ImagePath
S3 CH341SER_A64; C:\Windows\System32\Drivers\CH341S64.SYS [58368 2011-11-05] (www.winchiphead.com)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2012-02-06] (DT Soft Ltd)
S3 jnprva; C:\Windows\System32\DRIVERS\jnprva.sys [26480 2011-09-07] (Juniper Networks, Inc.)
S3 JnprVaMgr; C:\Windows\System32\DRIVERS\jnprvamgr.sys [45352 2011-09-07] (Juniper Networks, Inc.)
R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [97704 2009-04-29] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [120096 2009-04-29] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [466944 2009-04-29] (McAfee, Inc.)
S3 mferkdet; C:\Windows\System32\drivers\mferkdet.sys [76696 2009-04-29] (McAfee, Inc.)
R1 mfetdik; C:\Windows\System32\drivers\mfetdik.sys [83912 2009-04-29] (McAfee, Inc.)
R3 rtsuvc; C:\Windows\System32\DRIVERS\rtsuvc.sys [8200552 2010-12-15] (Realtek Semiconductor Corp.)
U2 CLKMSVC10_3A60B698; 
U2 CLKMSVC10_C3B3B687; 
S3 dgderdrv; System32\drivers\dgderdrv.sys [X]
U2 DriverService; 
U2 IAStorDataMgrSvc; 
U2 idealife Update Service; 
U3 IGRS; 
U2 IviRegMgr; 
S3 jnprna; system32\DRIVERS\jnprna6.sys [X]
U2 Oasis2Service; 
U2 PCCarerServic; 
U2 ReadyComm.DirectRouter; 
U2 RichVideo; 
S3 SANDRA; \??\C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2012.SP5a\WNt500x64\Sandra.sys [X]
U2 SoftwareService; 
U2 Stereo Service; 

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-03-30 21:03 - 2014-03-30 21:04 - 00040368 _____ () C:\Users\Michael\Desktop\FRST.txt
2014-03-30 21:03 - 2014-03-30 21:03 - 00000000 ____D () C:\FRST
2014-03-30 21:01 - 2014-03-30 21:01 - 02157056 _____ (Farbar) C:\Users\Michael\Desktop\FRST64.exe
2014-03-30 20:30 - 2014-03-30 20:30 - 00000000 ____D () C:\Users\Michael\AppData\Roaming\SupTab
2014-03-30 20:30 - 2014-03-30 20:30 - 00000000 ____D () C:\ProgramData\WPM
2014-03-30 20:30 - 2014-03-30 20:30 - 00000000 ____D () C:\ProgramData\IePluginService
2014-03-30 20:30 - 2014-03-30 20:30 - 00000000 ____D () C:\Program Files (x86)\SupTab
2014-03-30 20:29 - 2014-03-30 20:29 - 00004692 _____ () C:\windows\System32\Tasks\1d58acf1-29e5-4c8e-a536-e04dd320ab01-5
2014-03-30 20:29 - 2014-03-30 20:29 - 00004606 _____ () C:\windows\System32\Tasks\1d58acf1-29e5-4c8e-a536-e04dd320ab01-1
2014-03-30 20:29 - 2014-03-30 20:29 - 00004600 _____ () C:\windows\System32\Tasks\9b0b99bf-8395-4071-85ce-258ecccd2e05-5
2014-03-30 20:29 - 2014-03-30 20:29 - 00004536 _____ () C:\windows\System32\Tasks\1d58acf1-29e5-4c8e-a536-e04dd320ab01-2
2014-03-30 20:29 - 2014-03-30 20:29 - 00004496 _____ () C:\windows\System32\Tasks\9b0b99bf-8395-4071-85ce-258ecccd2e05-1
2014-03-30 20:29 - 2014-03-30 20:29 - 00004444 _____ () C:\windows\System32\Tasks\9b0b99bf-8395-4071-85ce-258ecccd2e05-2
2014-03-30 20:29 - 2014-03-30 20:29 - 00001662 _____ () C:\windows\Tasks\1d58acf1-29e5-4c8e-a536-e04dd320ab01-5.job
2014-03-30 20:29 - 2014-03-30 20:29 - 00001576 _____ () C:\windows\Tasks\1d58acf1-29e5-4c8e-a536-e04dd320ab01-1.job
2014-03-30 20:29 - 2014-03-30 20:29 - 00001570 _____ () C:\windows\Tasks\9b0b99bf-8395-4071-85ce-258ecccd2e05-5.job
2014-03-30 20:29 - 2014-03-30 20:29 - 00001506 _____ () C:\windows\Tasks\1d58acf1-29e5-4c8e-a536-e04dd320ab01-2.job
2014-03-30 20:29 - 2014-03-30 20:29 - 00001466 _____ () C:\windows\Tasks\9b0b99bf-8395-4071-85ce-258ecccd2e05-1.job
2014-03-30 20:29 - 2014-03-30 20:29 - 00001414 _____ () C:\windows\Tasks\9b0b99bf-8395-4071-85ce-258ecccd2e05-2.job
2014-03-30 20:28 - 2014-03-30 20:29 - 00000394 _____ () C:\windows\Tasks\Re-markit_wd.job
2014-03-30 20:28 - 2014-03-30 20:29 - 00000000 ____D () C:\Program Files (x86)\MediaPlayerplus
2014-03-30 20:28 - 2014-03-30 20:29 - 00000000 ____D () C:\Program Files (x86)\HQVid8
2014-03-30 20:28 - 2014-03-30 20:28 - 00006492 _____ () C:\windows\System32\Tasks\1d58acf1-29e5-4c8e-a536-e04dd320ab01-3
2014-03-30 20:28 - 2014-03-30 20:28 - 00006138 _____ () C:\windows\System32\Tasks\9b0b99bf-8395-4071-85ce-258ecccd2e05-3
2014-03-30 20:28 - 2014-03-30 20:28 - 00005598 _____ () C:\windows\System32\Tasks\9b0b99bf-8395-4071-85ce-258ecccd2e05-4
2014-03-30 20:28 - 2014-03-30 20:28 - 00005456 _____ () C:\windows\System32\Tasks\1d58acf1-29e5-4c8e-a536-e04dd320ab01-4
2014-03-30 20:28 - 2014-03-30 20:28 - 00003462 _____ () C:\windows\Tasks\1d58acf1-29e5-4c8e-a536-e04dd320ab01-3.job
2014-03-30 20:28 - 2014-03-30 20:28 - 00003108 _____ () C:\windows\Tasks\9b0b99bf-8395-4071-85ce-258ecccd2e05-3.job
2014-03-30 20:28 - 2014-03-30 20:28 - 00003048 _____ () C:\windows\System32\Tasks\Re-markit Update
2014-03-30 20:28 - 2014-03-30 20:28 - 00002986 _____ () C:\windows\System32\Tasks\Re-markit_wd
2014-03-30 20:28 - 2014-03-30 20:28 - 00002568 _____ () C:\windows\Tasks\9b0b99bf-8395-4071-85ce-258ecccd2e05-4.job
2014-03-30 20:28 - 2014-03-30 20:28 - 00002426 _____ () C:\windows\Tasks\1d58acf1-29e5-4c8e-a536-e04dd320ab01-4.job
2014-03-30 20:28 - 2014-03-30 20:28 - 00000512 __RSH () C:\ProgramData\ntuser.pol
2014-03-30 20:28 - 2014-03-30 20:28 - 00000396 _____ () C:\windows\Tasks\Re-markit Update.job
2014-03-30 20:28 - 2014-03-30 20:28 - 00000000 ____D () C:\Program Files (x86)\Re-markit Corp
2014-03-30 20:27 - 2014-03-30 20:27 - 00563712 _____ () C:\Users\Michael\Downloads\Java.exe
2014-03-27 20:26 - 2014-03-27 20:26 - 00000000 ____D () C:\Users\Michael\Downloads\EnviroBear2000
2014-03-23 15:18 - 2014-03-23 15:18 - 00000218 _____ () C:\Users\Michael\.recently-used.xbel
2014-03-16 21:25 - 2014-03-16 21:25 - 00014526 _____ () C:\Users\Michael\AppData\Local\recently-used.xbel
2014-03-13 20:36 - 2014-03-01 08:05 - 23133696 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-03-13 20:36 - 2014-03-01 07:17 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-03-13 20:36 - 2014-03-01 07:16 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2014-03-13 20:36 - 2014-03-01 06:58 - 02765824 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-03-13 20:36 - 2014-03-01 06:52 - 00066048 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2014-03-13 20:36 - 2014-03-01 06:51 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2014-03-13 20:36 - 2014-03-01 06:42 - 00053760 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2014-03-13 20:36 - 2014-03-01 06:40 - 00033792 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2014-03-13 20:36 - 2014-03-01 06:37 - 00574976 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2014-03-13 20:36 - 2014-03-01 06:33 - 00139264 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2014-03-13 20:36 - 2014-03-01 06:33 - 00111616 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2014-03-13 20:36 - 2014-03-01 06:32 - 00708608 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2014-03-13 20:36 - 2014-03-01 06:30 - 17074688 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2014-03-13 20:36 - 2014-03-01 06:23 - 00940032 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2014-03-13 20:36 - 2014-03-01 06:17 - 00218624 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2014-03-13 20:36 - 2014-03-01 06:11 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2014-03-13 20:36 - 2014-03-01 06:02 - 00195584 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2014-03-13 20:36 - 2014-03-01 05:54 - 05768704 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2014-03-13 20:36 - 2014-03-01 05:52 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2014-03-13 20:36 - 2014-03-01 05:51 - 00051200 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2014-03-13 20:36 - 2014-03-01 05:47 - 02168320 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2014-03-13 20:36 - 2014-03-01 05:43 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2014-03-13 20:36 - 2014-03-01 05:43 - 00032768 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2014-03-13 20:36 - 2014-03-01 05:42 - 00627200 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-03-13 20:36 - 2014-03-01 05:40 - 00440832 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2014-03-13 20:36 - 2014-03-01 05:38 - 00112128 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2014-03-13 20:36 - 2014-03-01 05:37 - 00553472 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2014-03-13 20:36 - 2014-03-01 05:35 - 02041856 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2014-03-13 20:36 - 2014-03-01 05:18 - 13051904 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-03-13 20:36 - 2014-03-01 05:16 - 00164864 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2014-03-13 20:36 - 2014-03-01 05:14 - 04244480 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2014-03-13 20:36 - 2014-03-01 05:10 - 02334208 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-03-13 20:36 - 2014-03-01 05:03 - 00524288 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2014-03-13 20:36 - 2014-03-01 05:00 - 01964032 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2014-03-13 20:36 - 2014-03-01 04:57 - 11266048 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2014-03-13 20:36 - 2014-03-01 04:38 - 01393664 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2014-03-13 20:36 - 2014-03-01 04:32 - 01820160 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2014-03-13 20:36 - 2014-03-01 04:27 - 01156096 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2014-03-13 20:36 - 2014-03-01 04:25 - 00817664 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2014-03-13 20:36 - 2014-03-01 04:25 - 00703488 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2014-03-13 20:35 - 2014-02-07 03:23 - 03156480 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2014-03-13 20:35 - 2014-02-04 04:32 - 01424384 _____ (Microsoft Corporation) C:\windows\system32\WindowsCodecs.dll
2014-03-13 20:35 - 2014-02-04 04:32 - 00624128 _____ (Microsoft Corporation) C:\windows\system32\qedit.dll
2014-03-13 20:35 - 2014-02-04 04:04 - 01230336 _____ (Microsoft Corporation) C:\windows\SysWOW64\WindowsCodecs.dll
2014-03-13 20:35 - 2014-02-04 04:04 - 00509440 _____ (Microsoft Corporation) C:\windows\SysWOW64\qedit.dll
2014-03-13 20:35 - 2014-01-29 04:32 - 00484864 _____ (Microsoft Corporation) C:\windows\system32\wer.dll
2014-03-13 20:35 - 2014-01-29 04:06 - 00381440 _____ (Microsoft Corporation) C:\windows\SysWOW64\wer.dll
2014-03-13 20:35 - 2014-01-28 04:32 - 00228864 _____ (Microsoft Corporation) C:\windows\system32\wwansvc.dll
2014-03-13 20:32 - 2014-03-13 20:32 - 00000063 _____ () C:\Users\Michael\.gtk-bookmarks
2014-03-05 20:26 - 2014-03-05 20:26 - 14175091 _____ () C:\Users\Michael\Downloads\Tutorial-GIMP-Haut-glaetten.zip
2014-03-04 17:39 - 2014-03-05 19:52 - 125727092 _____ () C:\Users\Michael\Documents\IMG_2021a.xcf
2014-03-04 13:20 - 2014-03-16 21:32 - 00000000 ____D () C:\Scan
2014-03-04 13:18 - 2014-03-04 13:20 - 00000000 ___HD () C:\ProgramData\CanonIJScan
2014-03-04 13:16 - 2014-03-04 13:18 - 00000000 ____D () C:\Users\Michael\AppData\Roaming\Canon
2014-03-04 13:16 - 2014-03-04 13:16 - 00000000 ___HD () C:\ProgramData\CanonIJEGV
2014-03-04 13:14 - 2014-03-04 13:14 - 00000000 ___HD () C:\ProgramData\CanonIJQuickMenu
2014-03-04 13:12 - 2012-03-26 06:00 - 00392192 _____ (CANON INC.) C:\windows\system32\CNMXLMB9.DLL
2014-03-04 13:11 - 2014-03-04 13:11 - 00000000 ____D () C:\ProgramData\Canon IJ Network Tool
2014-03-04 13:11 - 2012-02-08 17:34 - 00320000 _____ (CANON INC.) C:\windows\SysWOW64\CNC_B9L.dll
2014-03-04 13:11 - 2012-01-26 11:25 - 00081664 _____ () C:\windows\SysWOW64\CNC1763D.TBL
2014-03-04 13:11 - 2012-01-16 15:21 - 00103424 _____ (CANON INC.) C:\windows\SysWOW64\CNC_B9U.dll
2014-03-04 13:11 - 2008-08-25 19:02 - 00015872 _____ (CANON INC.) C:\windows\SysWOW64\CNHMCA.dll
2014-03-04 13:09 - 2014-03-04 13:09 - 00000000 ____D () C:\ProgramData\CanonIJWSpt
2014-03-04 13:09 - 2014-03-04 13:09 - 00000000 ____D () C:\Program Files\Common Files\CANON
2014-03-04 13:08 - 2014-03-04 13:08 - 00000000 ____D () C:\Program Files\Canon
2014-03-04 13:07 - 2014-03-04 13:07 - 00000000 ___HD () C:\windows\system32\CanonIJ Uninstaller Information
2014-03-04 13:07 - 2014-03-04 13:07 - 00000000 ___HD () C:\ProgramData\CanonBJ
2014-03-04 13:06 - 2014-03-04 13:06 - 00000000 ___HD () C:\Program Files\CanonBJ
2014-03-04 13:06 - 2012-03-26 06:00 - 00389120 _____ (CANON INC.) C:\windows\system32\CNMLMB9.DLL
2014-03-04 13:05 - 2014-03-04 13:05 - 00000000 ____D () C:\windows\system32\STRING
2014-03-04 13:05 - 2012-03-28 19:01 - 00359936 _____ (CANON INC.) C:\windows\system32\CNMN6PPM.DLL
2014-03-04 13:05 - 2012-03-28 19:01 - 00039424 _____ (CANON INC.) C:\windows\system32\CNMN6UI.DLL
2014-03-04 13:03 - 2014-03-04 13:16 - 00000000 ____D () C:\Program Files (x86)\Canon
2014-03-01 12:28 - 2014-03-16 21:25 - 00000000 ____D () C:\Users\Michael\AppData\Local\gtk-2.0
2014-03-01 12:22 - 2014-03-16 21:49 - 00000000 ____D () C:\Users\Michael\.gimp-2.8
2014-03-01 12:22 - 2014-03-01 12:22 - 00000000 ____D () C:\Users\Michael\AppData\Local\gegl-0.2
2014-03-01 12:10 - 2014-03-01 12:13 - 00000000 ____D () C:\Program Files\GIMP 2
2014-03-01 12:06 - 2014-03-01 12:07 - 90396104 _____ (The GIMP Team ) C:\Users\Michael\Downloads\gimp-2.8.10-setup.exe
2014-03-01 11:19 - 2014-03-15 21:59 - 00000000 ____D () C:\Users\Michael\Desktop\Shooting

==================== One Month Modified Files and Folders =======

2014-03-30 21:04 - 2014-03-30 21:03 - 00040368 _____ () C:\Users\Michael\Desktop\FRST.txt
2014-03-30 21:03 - 2014-03-30 21:03 - 00000000 ____D () C:\FRST
2014-03-30 21:01 - 2014-03-30 21:01 - 02157056 _____ (Farbar) C:\Users\Michael\Desktop\FRST64.exe
2014-03-30 20:51 - 2012-03-12 15:09 - 00001128 _____ () C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-977804215-3240316584-965802034-1002UA.job
2014-03-30 20:39 - 2012-06-09 15:40 - 00000884 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2014-03-30 20:30 - 2014-03-30 20:30 - 00000000 ____D () C:\Users\Michael\AppData\Roaming\SupTab
2014-03-30 20:30 - 2014-03-30 20:30 - 00000000 ____D () C:\ProgramData\WPM
2014-03-30 20:30 - 2014-03-30 20:30 - 00000000 ____D () C:\ProgramData\IePluginService
2014-03-30 20:30 - 2014-03-30 20:30 - 00000000 ____D () C:\Program Files (x86)\SupTab
2014-03-30 20:29 - 2014-03-30 20:29 - 00004692 _____ () C:\windows\System32\Tasks\1d58acf1-29e5-4c8e-a536-e04dd320ab01-5
2014-03-30 20:29 - 2014-03-30 20:29 - 00004606 _____ () C:\windows\System32\Tasks\1d58acf1-29e5-4c8e-a536-e04dd320ab01-1
2014-03-30 20:29 - 2014-03-30 20:29 - 00004600 _____ () C:\windows\System32\Tasks\9b0b99bf-8395-4071-85ce-258ecccd2e05-5
2014-03-30 20:29 - 2014-03-30 20:29 - 00004536 _____ () C:\windows\System32\Tasks\1d58acf1-29e5-4c8e-a536-e04dd320ab01-2
2014-03-30 20:29 - 2014-03-30 20:29 - 00004496 _____ () C:\windows\System32\Tasks\9b0b99bf-8395-4071-85ce-258ecccd2e05-1
2014-03-30 20:29 - 2014-03-30 20:29 - 00004444 _____ () C:\windows\System32\Tasks\9b0b99bf-8395-4071-85ce-258ecccd2e05-2
2014-03-30 20:29 - 2014-03-30 20:29 - 00001662 _____ () C:\windows\Tasks\1d58acf1-29e5-4c8e-a536-e04dd320ab01-5.job
2014-03-30 20:29 - 2014-03-30 20:29 - 00001576 _____ () C:\windows\Tasks\1d58acf1-29e5-4c8e-a536-e04dd320ab01-1.job
2014-03-30 20:29 - 2014-03-30 20:29 - 00001570 _____ () C:\windows\Tasks\9b0b99bf-8395-4071-85ce-258ecccd2e05-5.job
2014-03-30 20:29 - 2014-03-30 20:29 - 00001506 _____ () C:\windows\Tasks\1d58acf1-29e5-4c8e-a536-e04dd320ab01-2.job
2014-03-30 20:29 - 2014-03-30 20:29 - 00001466 _____ () C:\windows\Tasks\9b0b99bf-8395-4071-85ce-258ecccd2e05-1.job
2014-03-30 20:29 - 2014-03-30 20:29 - 00001414 _____ () C:\windows\Tasks\9b0b99bf-8395-4071-85ce-258ecccd2e05-2.job
2014-03-30 20:29 - 2014-03-30 20:28 - 00000394 _____ () C:\windows\Tasks\Re-markit_wd.job
2014-03-30 20:29 - 2014-03-30 20:28 - 00000000 ____D () C:\Program Files (x86)\MediaPlayerplus
2014-03-30 20:29 - 2014-03-30 20:28 - 00000000 ____D () C:\Program Files (x86)\HQVid8
2014-03-30 20:28 - 2014-03-30 20:28 - 00006492 _____ () C:\windows\System32\Tasks\1d58acf1-29e5-4c8e-a536-e04dd320ab01-3
2014-03-30 20:28 - 2014-03-30 20:28 - 00006138 _____ () C:\windows\System32\Tasks\9b0b99bf-8395-4071-85ce-258ecccd2e05-3
2014-03-30 20:28 - 2014-03-30 20:28 - 00005598 _____ () C:\windows\System32\Tasks\9b0b99bf-8395-4071-85ce-258ecccd2e05-4
2014-03-30 20:28 - 2014-03-30 20:28 - 00005456 _____ () C:\windows\System32\Tasks\1d58acf1-29e5-4c8e-a536-e04dd320ab01-4
2014-03-30 20:28 - 2014-03-30 20:28 - 00003462 _____ () C:\windows\Tasks\1d58acf1-29e5-4c8e-a536-e04dd320ab01-3.job
2014-03-30 20:28 - 2014-03-30 20:28 - 00003108 _____ () C:\windows\Tasks\9b0b99bf-8395-4071-85ce-258ecccd2e05-3.job
2014-03-30 20:28 - 2014-03-30 20:28 - 00003048 _____ () C:\windows\System32\Tasks\Re-markit Update
2014-03-30 20:28 - 2014-03-30 20:28 - 00002986 _____ () C:\windows\System32\Tasks\Re-markit_wd
2014-03-30 20:28 - 2014-03-30 20:28 - 00002568 _____ () C:\windows\Tasks\9b0b99bf-8395-4071-85ce-258ecccd2e05-4.job
2014-03-30 20:28 - 2014-03-30 20:28 - 00002426 _____ () C:\windows\Tasks\1d58acf1-29e5-4c8e-a536-e04dd320ab01-4.job
2014-03-30 20:28 - 2014-03-30 20:28 - 00000512 __RSH () C:\ProgramData\ntuser.pol
2014-03-30 20:28 - 2014-03-30 20:28 - 00000396 _____ () C:\windows\Tasks\Re-markit Update.job
2014-03-30 20:28 - 2014-03-30 20:28 - 00000000 ____D () C:\Program Files (x86)\Re-markit Corp
2014-03-30 20:28 - 2009-07-14 05:20 - 00000000 ___HD () C:\windows\system32\GroupPolicy
2014-03-30 20:28 - 2009-07-14 05:20 - 00000000 ____D () C:\windows\SysWOW64\GroupPolicy
2014-03-30 20:27 - 2014-03-30 20:27 - 00563712 _____ () C:\Users\Michael\Downloads\Java.exe
2014-03-30 20:21 - 2009-07-14 06:45 - 00030352 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-03-30 20:21 - 2009-07-14 06:45 - 00030352 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-03-30 20:18 - 2011-10-05 16:33 - 01099130 _____ () C:\windows\WindowsUpdate.log
2014-03-30 20:16 - 2011-08-21 01:43 - 00001124 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-03-30 20:16 - 2011-08-21 01:34 - 03315150 _____ () C:\FaceProv.log
2014-03-30 17:36 - 2011-08-21 08:35 - 00701560 _____ () C:\windows\system32\perfh007.dat
2014-03-30 17:36 - 2011-08-21 08:35 - 00150428 _____ () C:\windows\system32\perfc007.dat
2014-03-30 17:36 - 2009-07-14 07:13 - 01620612 _____ () C:\windows\system32\PerfStringBackup.INI
2014-03-30 17:31 - 2011-08-21 01:38 - 00140883 _____ () C:\windows\system32\fastboot.set
2014-03-30 17:30 - 2013-09-09 07:00 - 00022314 _____ () C:\windows\setupact.log
2014-03-30 17:30 - 2011-08-21 01:43 - 00001120 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-03-30 17:30 - 2009-07-14 07:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-03-29 18:03 - 2011-08-21 01:43 - 00004120 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-03-29 18:03 - 2011-08-21 01:43 - 00003868 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-03-28 06:51 - 2012-03-12 15:09 - 00001076 _____ () C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-977804215-3240316584-965802034-1002Core.job
2014-03-28 06:46 - 2012-03-12 15:09 - 00004106 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-977804215-3240316584-965802034-1002UA
2014-03-28 06:46 - 2012-03-12 15:09 - 00003710 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-977804215-3240316584-965802034-1002Core
2014-03-27 20:50 - 2011-09-28 16:14 - 00000000 ____D () C:\Users\Michael\AppData\Roaming\Juniper Networks
2014-03-27 20:49 - 2011-09-28 16:14 - 00000000 ____D () C:\Program Files (x86)\Juniper Networks
2014-03-27 20:26 - 2014-03-27 20:26 - 00000000 ____D () C:\Users\Michael\Downloads\EnviroBear2000
2014-03-23 15:18 - 2014-03-23 15:18 - 00000218 _____ () C:\Users\Michael\.recently-used.xbel
2014-03-23 15:18 - 2011-09-28 00:03 - 00000000 ____D () C:\Users\Michael
2014-03-22 16:57 - 2012-07-04 19:36 - 00000000 ____D () C:\Users\Michael\AppData\Roaming\vlc
2014-03-19 21:12 - 2013-08-14 21:03 - 00000000 ____D () C:\windows\system32\MRT
2014-03-19 21:09 - 2011-09-27 22:16 - 00000000 ___RD () C:\Users\Michael\Dropbox
2014-03-19 21:09 - 2011-09-27 21:14 - 90015360 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2014-03-19 19:42 - 2011-09-27 22:15 - 00000000 ____D () C:\Users\Michael\AppData\Roaming\Dropbox
2014-03-16 21:49 - 2014-03-01 12:22 - 00000000 ____D () C:\Users\Michael\.gimp-2.8
2014-03-16 21:32 - 2014-03-04 13:20 - 00000000 ____D () C:\Scan
2014-03-16 21:25 - 2014-03-16 21:25 - 00014526 _____ () C:\Users\Michael\AppData\Local\recently-used.xbel
2014-03-16 21:25 - 2014-03-01 12:28 - 00000000 ____D () C:\Users\Michael\AppData\Local\gtk-2.0
2014-03-15 21:59 - 2014-03-01 11:19 - 00000000 ____D () C:\Users\Michael\Desktop\Shooting
2014-03-14 07:23 - 2009-07-14 06:45 - 00493672 _____ () C:\windows\system32\FNTCACHE.DAT
2014-03-14 07:21 - 2013-03-14 08:43 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-03-14 07:21 - 2013-03-14 08:43 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-03-13 21:26 - 2012-03-07 20:10 - 00000039 _____ () C:\windows\vbaddin.ini
2014-03-13 21:26 - 2011-09-27 19:08 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-03-13 20:32 - 2014-03-13 20:32 - 00000063 _____ () C:\Users\Michael\.gtk-bookmarks
2014-03-12 21:39 - 2012-06-09 15:40 - 00003822 _____ () C:\windows\System32\Tasks\Adobe Flash Player Updater
2014-03-12 21:39 - 2012-04-13 23:26 - 00692616 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2014-03-12 21:39 - 2011-09-27 18:17 - 00071048 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-03-11 08:25 - 2013-08-08 21:53 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird
2014-03-09 19:06 - 2013-03-12 15:54 - 00011264 _____ () C:\Users\Michael\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-03-09 18:25 - 2009-07-14 07:09 - 00000000 ____D () C:\windows\System32\Tasks\WPD
2014-03-09 15:43 - 2009-07-14 07:32 - 00000000 ____D () C:\windows\system32\FxsTmp
2014-03-08 19:43 - 2012-12-28 20:32 - 00000000 ____D () C:\Users\Michael\AppData\Roaming\DivX
2014-03-07 18:18 - 2009-07-14 07:08 - 00032640 _____ () C:\windows\Tasks\SCHEDLGU.TXT
2014-03-05 20:26 - 2014-03-05 20:26 - 14175091 _____ () C:\Users\Michael\Downloads\Tutorial-GIMP-Haut-glaetten.zip
2014-03-05 19:52 - 2014-03-04 17:39 - 125727092 _____ () C:\Users\Michael\Documents\IMG_2021a.xcf
2014-03-05 19:20 - 2014-02-26 09:27 - 00182926 _____ () C:\windows\PFRO.log
2014-03-04 13:20 - 2014-03-04 13:18 - 00000000 ___HD () C:\ProgramData\CanonIJScan
2014-03-04 13:18 - 2014-03-04 13:16 - 00000000 ____D () C:\Users\Michael\AppData\Roaming\Canon
2014-03-04 13:16 - 2014-03-04 13:16 - 00000000 ___HD () C:\ProgramData\CanonIJEGV
2014-03-04 13:16 - 2014-03-04 13:03 - 00000000 ____D () C:\Program Files (x86)\Canon
2014-03-04 13:14 - 2014-03-04 13:14 - 00000000 ___HD () C:\ProgramData\CanonIJQuickMenu
2014-03-04 13:11 - 2014-03-04 13:11 - 00000000 ____D () C:\ProgramData\Canon IJ Network Tool
2014-03-04 13:11 - 2009-07-14 05:20 - 00000000 __RSD () C:\windows\Media
2014-03-04 13:09 - 2014-03-04 13:09 - 00000000 ____D () C:\ProgramData\CanonIJWSpt
2014-03-04 13:09 - 2014-03-04 13:09 - 00000000 ____D () C:\Program Files\Common Files\CANON
2014-03-04 13:08 - 2014-03-04 13:08 - 00000000 ____D () C:\Program Files\Canon
2014-03-04 13:07 - 2014-03-04 13:07 - 00000000 ___HD () C:\windows\system32\CanonIJ Uninstaller Information
2014-03-04 13:07 - 2014-03-04 13:07 - 00000000 ___HD () C:\ProgramData\CanonBJ
2014-03-04 13:06 - 2014-03-04 13:06 - 00000000 ___HD () C:\Program Files\CanonBJ
2014-03-04 13:05 - 2014-03-04 13:05 - 00000000 ____D () C:\windows\system32\STRING
2014-03-01 13:59 - 2009-07-14 05:20 - 00000000 ____D () C:\windows\rescache
2014-03-01 12:22 - 2014-03-01 12:22 - 00000000 ____D () C:\Users\Michael\AppData\Local\gegl-0.2
2014-03-01 12:13 - 2014-03-01 12:10 - 00000000 ____D () C:\Program Files\GIMP 2
2014-03-01 12:08 - 2012-04-05 18:26 - 00000000 ____D () C:\Users\Michael\.gimp-2.6
2014-03-01 12:07 - 2014-03-01 12:06 - 90396104 _____ (The GIMP Team ) C:\Users\Michael\Downloads\gimp-2.8.10-setup.exe
2014-03-01 08:05 - 2014-03-13 20:36 - 23133696 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-03-01 07:17 - 2014-03-13 20:36 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-03-01 07:16 - 2014-03-13 20:36 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2014-03-01 06:58 - 2014-03-13 20:36 - 02765824 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-03-01 06:52 - 2014-03-13 20:36 - 00066048 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2014-03-01 06:51 - 2014-03-13 20:36 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2014-03-01 06:42 - 2014-03-13 20:36 - 00053760 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2014-03-01 06:40 - 2014-03-13 20:36 - 00033792 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2014-03-01 06:37 - 2014-03-13 20:36 - 00574976 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2014-03-01 06:33 - 2014-03-13 20:36 - 00139264 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2014-03-01 06:33 - 2014-03-13 20:36 - 00111616 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2014-03-01 06:32 - 2014-03-13 20:36 - 00708608 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2014-03-01 06:30 - 2014-03-13 20:36 - 17074688 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2014-03-01 06:23 - 2014-03-13 20:36 - 00940032 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2014-03-01 06:17 - 2014-03-13 20:36 - 00218624 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2014-03-01 06:11 - 2014-03-13 20:36 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2014-03-01 06:02 - 2014-03-13 20:36 - 00195584 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2014-03-01 05:54 - 2014-03-13 20:36 - 05768704 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2014-03-01 05:52 - 2014-03-13 20:36 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2014-03-01 05:51 - 2014-03-13 20:36 - 00051200 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2014-03-01 05:47 - 2014-03-13 20:36 - 02168320 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2014-03-01 05:43 - 2014-03-13 20:36 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2014-03-01 05:43 - 2014-03-13 20:36 - 00032768 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2014-03-01 05:42 - 2014-03-13 20:36 - 00627200 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-03-01 05:40 - 2014-03-13 20:36 - 00440832 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2014-03-01 05:38 - 2014-03-13 20:36 - 00112128 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2014-03-01 05:37 - 2014-03-13 20:36 - 00553472 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2014-03-01 05:35 - 2014-03-13 20:36 - 02041856 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2014-03-01 05:18 - 2014-03-13 20:36 - 13051904 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-03-01 05:16 - 2014-03-13 20:36 - 00164864 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2014-03-01 05:14 - 2014-03-13 20:36 - 04244480 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2014-03-01 05:10 - 2014-03-13 20:36 - 02334208 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-03-01 05:03 - 2014-03-13 20:36 - 00524288 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2014-03-01 05:00 - 2014-03-13 20:36 - 01964032 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2014-03-01 04:57 - 2014-03-13 20:36 - 11266048 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2014-03-01 04:38 - 2014-03-13 20:36 - 01393664 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2014-03-01 04:32 - 2014-03-13 20:36 - 01820160 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2014-03-01 04:27 - 2014-03-13 20:36 - 01156096 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2014-03-01 04:25 - 2014-03-13 20:36 - 00817664 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2014-03-01 04:25 - 2014-03-13 20:36 - 00703488 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll

Files to move or delete:
====================
C:\ProgramData\PKP_DLes.DAT
C:\ProgramData\PKP_DLet.DAT
C:\ProgramData\PKP_DLev.DAT
C:\ProgramData\z7_0ytr.pad


Some content of TEMP:
====================
C:\Users\Michael\AppData\Local\Temp\BackupSetup.exe
C:\Users\Michael\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpmoyxqa.dll
C:\Users\Michael\AppData\Local\Temp\fvir2pr2.dll
C:\Users\Michael\AppData\Local\Temp\install_flashplayer12x32au_mssd_aaa_aih.exe
C:\Users\Michael\AppData\Local\Temp\JuniperSetupClientInstaller.exe
C:\Users\Michael\AppData\Local\Temp\m0qsyyxj.dll
C:\Users\Michael\AppData\Local\Temp\MSETUP4.EXE
C:\Users\Michael\AppData\Local\Temp\neoNCSetup64.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-03-23 18:03

==================== End Of Log ============================

--- --- ---

--- --- ---

--- --- ---

und
FRST Additions Logfile:

Code:

ATTFilter

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13-03-2014
Ran by Michael at 2014-03-30 21:05:09
Running from C:\Users\Michael\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Akamai NetSession Interface (HKCU\...\Akamai) (Version:  - Akamai Technologies, Inc)
Amazon MP3-Downloader 1.0.18 (HKCU\...\Amazon MP3-Downloader) (Version: 1.0.18 - Amazon Services LLC)
Apple Mobile Device Support (HKLM\...\{B8AD779A-82DA-4365-A7D0-AD3DCFC55CFF}) (Version: 5.1.1.4 - Apple Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Canon MG4200 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG4200_series) (Version: 1.01 - Canon Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 3.16 - Piriform)
Dropbox (HKCU\...\Dropbox) (Version: 2.6.5 - Dropbox, Inc.)
GIMP 2.8.10 (HKLM\...\GIMP-2_is1) (Version: 2.8.10 - The GIMP Team)
Google Chrome (HKCU\...\Google Chrome) (Version: 33.0.1750.154 - Google Inc.)
Java 7 Update 13 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417013FF}) (Version: 7.0.130 - Oracle)
Juniper Networks, Inc. Setup Client (HKCU\...\Juniper_Setup_Client) (Version: 7.4.8.42127 - Juniper Networks, Inc.)
Juniper Networks, Inc. Setup Client 64-bit Activex Control (HKLM\...\Juniper_Setup_Client Activex Control) (Version: 2.1.1.1 - Juniper Networks, Inc.)
Lenovo Bluetooth with Enhanced Data Rate Software (HKLM\...\{436E0B79-2CFB-4E5F-9380-E17C1B25D0C5}) (Version: 6.3.0.8000 - Broadcom Corporation)
Lenovo EE Boot Optimizer (HKLM\...\Lenovo EE Boot Optimizer) (Version: 0.0.1.5 - Lenovo)
Lenovo OneKey Recovery (Version: 7.0.1628 - CyberLink Corp.) Hidden
Logitech Unifying-Software 2.00 (HKLM\...\Logitech Unifying) (Version: 2.00.43 - Logitech)
Luminance HDR 2.2.0 (HKLM\...\{7020FC34-6E04-4858-924D-354B28CB2402}_is1) (Version:  - Luminance HDR Dev Team)
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Camera Codec Pack (HKLM\...\{CD01405F-BC70-4453-B7F5-00CED3903C19}) (Version: 16.4.1620.0719 - Microsoft Corporation)
Microsoft IntelliPoint 8.2 (HKLM\...\Microsoft IntelliPoint 8.2) (Version: 8.20.468.0 - Microsoft Corporation)
Microsoft IntelliPoint 8.2 (Version: 8.20.468.0 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft SkyDrive (HKCU\...\SkyDriveSetup.exe) (Version: 16.4.6013.0910 - Microsoft Corporation)
Microsoft Team Foundation Server 2010 Object Model - DEU (Version: 10.0.30319 - Microsoft Corporation) Hidden
Microsoft Team Foundation Server 2010-Objektmodell - DEU (HKLM\...\Microsoft Team Foundation Server 2010 Object Model - DEU) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Runtime - 10.0.30319 (HKLM\...\{94D70749-4281-39AC-AD90-B56A0E0A402E}) (Version: 10.0.30319 - Microsoft Corporation)
MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden
MyFreeCodec (HKCU\...\MyFreeCodec) (Version:  - )
NVIDIA Grafiktreiber 310.70 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 310.70 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.95.599 - NVIDIA Corporation) Hidden
NVIDIA Optimus 1.11.3 (Version: 1.11.3 - NVIDIA Corporation) Hidden
NVIDIA PhysX-Systemsoftware 9.12.1031 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.12.1031 - NVIDIA Corporation)
NVIDIA Systemsteuerung 310.70 (Version: 310.70 - NVIDIA Corporation) Hidden
NVIDIA Update 1.11.3 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.11.3 - NVIDIA Corporation)
NVIDIA Update Components (Version: 1.11.3 - NVIDIA Corporation) Hidden
Paint.NET v3.5.10 (HKLM\...\{529125EF-E3AC-4B74-97E6-F688A7C0F1C0}) (Version: 3.60.0 - dotPDN LLC)
PDF-XChange Viewer (HKLM\...\{9ED333F8-3E6C-4A38-BAFA-728454121CDA}) (Version: 2.5.201.0 - Tracker Software Products Ltd.)
Qt SDK (HKCU\...\Qt SDK) (Version: 1.1.0 - Nokia)
RtLED (HKLM\...\{ACB6F4ED-835B-44EC-9EFD-AC8C83D28597}) (Version: 1.0.3 - Realtek Semiconductor Corp.)
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.29.0 - SAMSUNG Electronics Co., Ltd.)
SRS Premium Sound Control Panel (HKLM\...\{2998191E-A35E-47E2-BE38-7702C731D722}) (Version: 1.10.18.0 - SRS Labs, Inc.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.2.7.0 - Synaptics Incorporated)
Unity Web Player (HKCU\...\UnityWebPlayer) (Version:  - Unity Technologies ApS)
Visual Studio 2010 Prerequisites - English (HKLM\...\{53952792-BF16-300E-ADF2-E7E4367E00CF}) (Version: 10.0.30319 - Microsoft Corporation)
Windows Live ID Sign-in Assistant (Version: 7.250.4311.0 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Mobile-Gerätecenter (HKLM\...\{626672CD-BFCF-49A9-AEFE-AB0FED3BFC5B}) (Version: 6.1.6965.0 - Microsoft Corporation)
Windows XP Mode (HKLM\...\{1374CC63-B520-4f3f-98E8-E9020BF01CFF}) (Version: 1.3.7600.16422 - Microsoft Corporation)
Windows-Treiberpaket - Lenovo (ACPIVPC) System  (12/02/2010 6.1.0.1) (HKLM\...\EA12B1FB53CE4E387C31A85236C41EF559B5E392) (Version: 12/02/2010 6.1.0.1 - Lenovo)

==================== Restore Points  =========================

07-03-2014 16:25:10 Windows Update
13-03-2014 18:29:03 Windows Update
13-03-2014 19:22:19 Windows Update
18-03-2014 17:54:07 Windows Update
19-03-2014 19:09:17 Windows Update
25-03-2014 20:21:53 Windows Update
29-03-2014 07:24:17 Windows Update
30-03-2014 18:28:35 Uniblue SpeedUpMyPC installation

==================== Hosts content: ==========================

2009-07-14 04:34 - 2014-03-27 21:03 - 00000826 ____A C:\windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {027DE212-78DF-419C-BBB0-A8011EF6126C} - System32\Tasks\{2EC29CBC-6BF6-4DAB-B196-0F3DC13F8611} => Chrome.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {085C6B0A-39DF-46F5-B8B0-D0BCA1221515} - System32\Tasks\{02F952C3-486C-4705-98C0-839045115604} => Chrome.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {09C9EA20-31DE-49E4-A5CE-17D1108F5ABF} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-03-12] (Adobe Systems Incorporated)
Task: {0C5D9971-32AC-445F-A94A-49B7BF502FD8} - System32\Tasks\{9C5B7DA3-3B20-44B6-BFB9-0908AB41E073} => C:\Users\Michael\downloads\monkey\MONKEY.EXE
Task: {0EBA804B-38DC-44A7-8B60-6724A5D0AEBD} - System32\Tasks\{2CB742D6-71EE-4DB4-85D6-CD9A8D48E1E7} => Chrome.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {12BEA7C0-2A85-45A5-95E2-BBA68BD4160F} - System32\Tasks\{CC854B5C-E57D-4603-930D-15986D8C59E8} => Chrome.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {163DA8CF-7210-4B62-B974-9E6A168F95CB} - System32\Tasks\1d58acf1-29e5-4c8e-a536-e04dd320ab01-5 => C:\Program Files (x86)\MediaPlayerplus\1d58acf1-29e5-4c8e-a536-e04dd320ab01-5.exe [2014-03-30] (Freeven)
Task: {17DA8EB2-D59F-4774-AE8F-F77F0DE4389F} - System32\Tasks\{6E09A6C9-599B-4004-A295-DB859DE2D322} => Chrome.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {1E2AA691-7B76-4EA0-AFE9-5C887AA5735F} - System32\Tasks\{ADA08FC2-156F-4A25-8708-20BDDD0AC811} => Chrome.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {1E488DE3-824D-44B3-9507-E68C9484CA6E} - System32\Tasks\{3E0BB13D-EE90-4627-86D6-76E14875E984} => Chrome.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {22496753-D227-4CD0-852E-CDD5489AD798} - System32\Tasks\9b0b99bf-8395-4071-85ce-258ecccd2e05-4 => C:\Program Files (x86)\HQVid8\9b0b99bf-8395-4071-85ce-258ecccd2e05-4.exe [2014-03-30] (High-QualityV8)
Task: {22644F01-72E1-4AC1-946C-69901EE637A2} - System32\Tasks\{B8816912-62C7-42E2-8EC6-46A5E7195339} => Chrome.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {2AB0D38E-89CD-47E7-A0CD-4672A120A4BB} - System32\Tasks\{083C9B77-E395-43A5-B87B-8DACB656C121} => C:\Users\Michael\downloads\monkey\MONKEY.EXE
Task: {2ECE821B-A375-4E88-882F-1C323FCAF53E} - System32\Tasks\9b0b99bf-8395-4071-85ce-258ecccd2e05-3 => C:\Program Files (x86)\HQVid8\9b0b99bf-8395-4071-85ce-258ecccd2e05-3.exe [2014-03-30] (High-QualityV8)
Task: {30F9A419-277D-45B7-A465-910FBA884D4F} - System32\Tasks\{CE70EDD5-9F97-4D02-8B1C-BFEEC5D76F66} => Chrome.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {3345DC22-2464-4E4D-AAB3-C1968FEFA878} - System32\Tasks\{365C5390-A94F-4181-8232-25FCC64F1BF0} => Chrome.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {33E0F179-642F-4DA1-BA2F-A5C2E93186EF} - System32\Tasks\{DD96B263-04DB-4017-9CF9-FB07ADCF1936} => Chrome.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {3850EB6A-100F-4EB9-8925-214F8CE84439} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-977804215-3240316584-965802034-1002UA => C:\Users\Michael\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-02] (Google Inc.)
Task: {385A9318-770A-419E-A6FC-DA1E4866581E} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-08-21] (Google Inc.)
Task: {3B96AF33-29AC-4B34-A20F-6728BC52EFDD} - System32\Tasks\{CF860EF3-7022-427A-9550-0826756DC428} => Chrome.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {3E1555E2-FC0E-464D-BB30-D4878723D92F} - System32\Tasks\{50B8AF97-9E6E-4379-8D0B-B3F494A747E8} => Chrome.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {3F675FF6-C560-403C-B5F9-47EF4B9BC380} - System32\Tasks\{05FACEED-B558-4C04-8186-C424FDFCCD90} => Chrome.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {40C5CB5F-DF98-4ED4-BB35-EEB40815E67B} - System32\Tasks\{5928C935-54DC-49B1-BC4F-E24F5912AD10} => Chrome.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {4109F478-6E1F-486A-AF0E-48EDEA1E1198} - System32\Tasks\{8B12A6E6-B74B-48EE-98AA-28A7CD003FF6} => Chrome.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {433B7ECD-F83F-4740-A52C-5F48BB4CE070} - System32\Tasks\{261D8136-4A68-42D7-9325-36DEE5BAFEAA} => Chrome.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {43F635F6-52FA-43EA-8327-BA50F2C8458E} - System32\Tasks\{2A9E80F6-57DD-41AD-B4D3-D59F3F22E7B6} => Chrome.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {47088C59-7BEF-4F8E-8F78-C6D896FD8227} - System32\Tasks\{16CC5F48-89B1-49F9-ACF1-EEBAEBEAD292} => Chrome.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {47AD37C9-60EC-4D03-8BD4-492F160EE257} - System32\Tasks\{345C3B38-75E1-4AD7-AF1F-24587B566103} => Chrome.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {4D8118A6-5D8D-49D5-BEA5-950F572A2CDB} - System32\Tasks\{D07D25AC-359C-41F7-BC83-B179AD75CACF} => Chrome.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {513BF8B1-CB8C-4188-85B0-761DE0E852B8} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {51A7081C-1EBA-4CB0-82A5-7566041A4861} - System32\Tasks\{2918A599-170C-4A31-8416-51DC809DE0F8} => Chrome.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {5890B8CC-7FF2-48B3-820F-5A83C2B86E26} - System32\Tasks\{EEC8DA8D-81FE-4ACD-AB43-904662C00487} => Chrome.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {589D3C39-7C99-4AE3-A856-77F075FAEB6A} - System32\Tasks\{7794BF1A-1941-456B-B31A-97ECE32D9920} => Chrome.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {5A882266-83EB-4D91-B22F-53084D77FFA2} - System32\Tasks\{9F4762B2-F0E0-4AAB-94E7-A41B4B581075} => Chrome.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {62A486A3-614E-4B77-B94A-90A5BBED7C24} - System32\Tasks\{D561436D-D4EB-4565-97C9-B3B8B4671123} => Chrome.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {6A474658-5C4B-45A8-A3D1-222CF8CB61AA} - System32\Tasks\{4DC70DB7-C96B-41FE-8A72-4A2DD48BF156} => Chrome.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {6CE739ED-7A5B-40A5-8A9C-76058970CB59} - System32\Tasks\{6289CE22-D69E-4A11-A8CB-8C4D8EC3094D} => Chrome.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {6D324AAB-5EEA-47D9-98DC-3FA5F250DC49} - System32\Tasks\9b0b99bf-8395-4071-85ce-258ecccd2e05-2 => C:\Program Files (x86)\HQVid8\9b0b99bf-8395-4071-85ce-258ecccd2e05-2.exe [2014-03-30] (High-QualityV8)
Task: {6E594D36-4115-4EDC-8FD1-A49591C4DEA3} - System32\Tasks\{23864F60-9E08-4EDA-BFA1-88EA50A8E0AA} => E:\SETUP95\INSTALL.EXE
Task: {6EC93B22-28AE-4448-959C-ED8CF0104C37} - System32\Tasks\9b0b99bf-8395-4071-85ce-258ecccd2e05-5 => C:\Program Files (x86)\HQVid8\9b0b99bf-8395-4071-85ce-258ecccd2e05-5.exe [2014-03-30] (High-QualityV8)
Task: {70D64781-79E4-4533-9333-D248C5BFDFDC} - System32\Tasks\1d58acf1-29e5-4c8e-a536-e04dd320ab01-4 => C:\Program Files (x86)\MediaPlayerplus\1d58acf1-29e5-4c8e-a536-e04dd320ab01-4.exe [2014-03-30] (Freeven)
Task: {768B7C19-52E8-4301-9FB6-D9F986A96692} - System32\Tasks\{F29E6849-64FF-47D8-ADD4-6DEF09EFEB45} => Chrome.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {78213231-DDF4-4B9C-B0BE-46ABF184D068} - System32\Tasks\{32C33AE0-6676-4E7E-924A-271ADC9BEE3B} => Chrome.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {7B4A9D40-F9C3-40D2-8229-FE0CFAF5197E} - System32\Tasks\{0E75D01D-A9E7-470F-9DF0-4F23A47A5C61} => Chrome.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {814CAF5E-2C53-46BE-99CD-2874509D3839} - System32\Tasks\{DC1FBECC-E461-4DBF-9AEB-C458703863BF} => Chrome.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {86020ACE-1656-4F2B-8D2E-80ECC69468CA} - System32\Tasks\{4DCAB60F-17B6-464C-AF7A-CA869BB67396} => C:\Users\Michael\downloads\monkey\MONKEY.EXE
Task: {86D80D46-D6DD-401C-BC7A-6DE1CC1083B8} - System32\Tasks\{0B8D2F00-1CAF-4FE7-A180-8F05DB66D171} => Chrome.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {87FB1667-B546-4317-9738-302E024A4AFF} - System32\Tasks\Microsoft_Hardware_Launch_IPoint_exe => c:\Program Files\Microsoft IntelliPoint\IPoint.exe [2011-08-01] (Microsoft Corporation)
Task: {8A7D5AB7-E5AE-4204-9071-50ECC7A16B18} - System32\Tasks\{CFCDB690-8862-4A48-AC9B-3925E775791A} => Chrome.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {8C2375E0-B07B-4D2C-8529-4CEB19E097B3} - System32\Tasks\{3F461170-CAD9-4828-B1B0-50E44DF59770} => Chrome.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {8C915C19-E99C-41BC-921E-955183E8617E} - System32\Tasks\Re-markit Update => C:\Program Files (x86)\Re-markit Corp\ReMar.exe [2014-03-30] () <==== ATTENTION
Task: {8DE60EFF-F44D-42BA-955E-C6EEB6CC3860} - System32\Tasks\{D826DB58-55A0-40B0-AF0C-FDBC60499CBF} => Chrome.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {8E00BDAC-BC8A-4041-85FD-38EFDBA27599} - System32\Tasks\SidebarExecute => C:\Program Files (x86)\Windows Sidebar\sidebar.exe [2010-11-21] (Microsoft Corporation)
Task: {98DE9927-73AC-4917-9AA5-5E2AA69CEA93} - System32\Tasks\1d58acf1-29e5-4c8e-a536-e04dd320ab01-2 => C:\Program Files (x86)\MediaPlayerplus\1d58acf1-29e5-4c8e-a536-e04dd320ab01-2.exe [2014-03-30] (Freeven)
Task: {9AF50743-90BC-4250-AF2E-D44DEDCAEEB6} - System32\Tasks\{FA0B9B81-71BD-49CD-8062-1D1E13B1F617} => Chrome.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {A09485C5-C4D6-4DF0-8113-F7646CA3F6FF} - System32\Tasks\{04C74048-245D-409F-9F2B-24E55C20183D} => Chrome.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {A13606CE-4DB3-42DA-A9A1-F6988D995DBD} - System32\Tasks\{F4290F20-A0B3-4EAB-925F-01101B7D2AA0} => Chrome.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {A5FB0249-3F39-45FA-A1E4-08B4B24CCFA0} - System32\Tasks\Re-markit_wd => C:\Program Files (x86)\Re-markit Corp\Re-markit_wd.exe [2014-03-30] () <==== ATTENTION
Task: {A7D1F906-0E6C-4A50-88A6-3AF298F6FE8C} - System32\Tasks\{621B481C-7476-4D49-A502-846925E54349} => Chrome.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {A8063565-0ED1-430A-9B4C-435C84CD18C5} - System32\Tasks\{35A3CB29-E5B7-40B1-8E8E-0898017F7EA4} => Chrome.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {AC9E11B5-462F-4EE9-B1E1-4A7905378EA3} - System32\Tasks\{3FF55E29-6378-4B58-9DDE-316BF15B8D0B} => Chrome.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {AE7645FE-1977-4B41-B946-8AA627127134} - System32\Tasks\9b0b99bf-8395-4071-85ce-258ecccd2e05-1 => C:\Program Files (x86)\HQVid8\HQVid8-codedownloader.exe [2014-03-30] (High-QualityV8)
Task: {B263EFA2-F241-4C67-8730-25039832E41F} - System32\Tasks\1d58acf1-29e5-4c8e-a536-e04dd320ab01-1 => C:\Program Files (x86)\MediaPlayerplus\MediaPlayerplus-codedownloader.exe [2014-03-30] (Freeven)
Task: {BB274FA0-89DD-482B-BAED-2DDEE0677E37} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-977804215-3240316584-965802034-1002Core => C:\Users\Michael\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-02] (Google Inc.)
Task: {BE60C906-48B7-4948-A14A-A08BE2BB86A6} - System32\Tasks\{2B18EF07-08E0-4B48-A7FC-DB4ECA5C0FD1} => Chrome.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {BF7F06CC-03AE-4497-95DC-340F1D756975} - System32\Tasks\{B78EC505-D4E9-4B16-A2C4-C50282051440} => Chrome.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {C715271A-776F-4202-BDA7-B9B59327512F} - System32\Tasks\{624A2020-D27E-4315-B373-1026C0F9A8B5} => Chrome.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {CBAE47A0-59FE-4EE6-9F98-6F48017EDD03} - System32\Tasks\{BC03D182-E3A8-4AEC-AF1C-6F62730F49F7} => Chrome.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {D078384C-246A-40EA-800C-1D6BF4CAA26A} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-08-21] (Google Inc.)
Task: {D2DD3112-DC88-43F9-B253-683E71676C4F} - System32\Tasks\{BA5A78BA-590D-481E-BCE0-BEA37CFA9445} => Chrome.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {D37D603A-848D-4345-BAFB-BC30C82FE9CE} - System32\Tasks\{A066A5A9-B65F-466D-A75A-459ABFD34A91} => Chrome.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {D4404688-DF50-46E3-95DD-55A003E938D3} - System32\Tasks\{65FD8DD6-9F52-4195-A2D1-B2D0DB6C763C} => Chrome.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {D9ACB301-92C9-4ECF-87D5-CADA9AD942CA} - System32\Tasks\{871F524E-9EF9-407E-B282-9EE039ECD475} => Chrome.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {E0B1A1C5-E848-460E-BA06-7468076C6BA3} - System32\Tasks\{4998D91A-0CBA-4F8A-8215-113C4A7522A5} => Chrome.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {E0DBE796-930B-4CBF-AB8B-D2367881049A} - System32\Tasks\{8D681D87-93D8-444C-990B-24E0585E3897} => Chrome.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {E0FEED33-406C-4315-81A1-C3172396C90C} - System32\Tasks\{76D215CA-0CF9-4277-BFF3-9608A9ED3437} => Chrome.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {E5C16F39-9556-43CE-9F41-424B888F757C} - System32\Tasks\MirageAgent => C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe [2010-12-05] (CyberLink)
Task: {E78F3D91-7FF3-4604-83EB-954D3FD66DC9} - System32\Tasks\{D849D91D-086B-44C6-AD25-E06FAFE2C474} => Chrome.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {E96CC21A-242A-4A11-9F69-690C24360F3E} - System32\Tasks\1d58acf1-29e5-4c8e-a536-e04dd320ab01-3 => C:\Program Files (x86)\MediaPlayerplus\1d58acf1-29e5-4c8e-a536-e04dd320ab01-3.exe [2014-03-30] (Freeven)
Task: {F2ECFF1B-32C1-4670-BF5B-3667173E2FD7} - System32\Tasks\{F498274B-26F2-489E-89EC-44B1C4D9137E} => Chrome.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {F61FFE61-8280-48F4-B5C0-2CB0C8030116} - System32\Tasks\{2CA8888D-0954-4480-BBA0-57FE03A5DB53} => Chrome.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {F6F1D431-53E3-4CFE-BBCF-95309A29B652} - System32\Tasks\{EFC5E2D2-9E7C-4DFD-A3B9-5793AB16A873} => Chrome.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {F7660BA2-F001-4047-8660-322D8D9BB74A} - System32\Tasks\{51FF1306-00D4-4AB2-8C65-CE2D8CE48936} => Chrome.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {F8E12BE5-4ECE-407C-BA10-E55281C81BA0} - System32\Tasks\{C293F847-ECB9-44C7-ADCC-FE326572E3CC} => Chrome.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {FC66E3D4-63DE-44F0-B1FF-5557A8C7995C} - System32\Tasks\{D1D1DDF6-4F09-42A4-B563-C1AC306B90B3} => Chrome.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {FE4D0D73-A272-434E-AA38-015650EE1F97} - System32\Tasks\{99540BAD-093F-4D22-AFB2-6A6A12EA9A10} => Chrome.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: C:\windows\Tasks\1d58acf1-29e5-4c8e-a536-e04dd320ab01-1.job => C:\Program Files (x86)\MediaPlayerplus\MediaPlayerplus-codedownloader.exe
Task: C:\windows\Tasks\1d58acf1-29e5-4c8e-a536-e04dd320ab01-2.job => C:\Program Files (x86)\MediaPlayerplus\1d58acf1-29e5-4c8e-a536-e04dd320ab01-2.exe
Task: C:\windows\Tasks\1d58acf1-29e5-4c8e-a536-e04dd320ab01-3.job => C:\Program Files (x86)\MediaPlayerplus\1d58acf1-29e5-4c8e-a536-e04dd320ab01-3.exe
Task: C:\windows\Tasks\1d58acf1-29e5-4c8e-a536-e04dd320ab01-4.job => C:\Program Files (x86)\MediaPlayerplus\1d58acf1-29e5-4c8e-a536-e04dd320ab01-4.exe
Task: C:\windows\Tasks\1d58acf1-29e5-4c8e-a536-e04dd320ab01-5.job => C:\Program Files (x86)\MediaPlayerplus\1d58acf1-29e5-4c8e-a536-e04dd320ab01-5.exe
Task: C:\windows\Tasks\9b0b99bf-8395-4071-85ce-258ecccd2e05-1.job => C:\Program Files (x86)\HQVid8\HQVid8-codedownloader.exe
Task: C:\windows\Tasks\9b0b99bf-8395-4071-85ce-258ecccd2e05-2.job => C:\Program Files (x86)\HQVid8\9b0b99bf-8395-4071-85ce-258ecccd2e05-2.exe
Task: C:\windows\Tasks\9b0b99bf-8395-4071-85ce-258ecccd2e05-3.job => C:\Program Files (x86)\HQVid8\9b0b99bf-8395-4071-85ce-258ecccd2e05-3.exe
Task: C:\windows\Tasks\9b0b99bf-8395-4071-85ce-258ecccd2e05-4.job => C:\Program Files (x86)\HQVid8\9b0b99bf-8395-4071-85ce-258ecccd2e05-4.exe
Task: C:\windows\Tasks\9b0b99bf-8395-4071-85ce-258ecccd2e05-5.job => C:\Program Files (x86)\HQVid8\9b0b99bf-8395-4071-85ce-258ecccd2e05-5.exe
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-977804215-3240316584-965802034-1002Core.job => C:\Users\Michael\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-977804215-3240316584-965802034-1002UA.job => C:\Users\Michael\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\Re-markit Update.job => C:\Program Files (x86)\Re-markit Corp\ReMar.exe <==== ATTENTION
Task: C:\windows\Tasks\Re-markit_wd.job => C:\Program Files (x86)\Re-markit Corp\Re-markit_wd.exe <==== ATTENTION

==================== Loaded Modules (whitelisted) =============

2011-10-19 10:31 - 2005-03-12 01:07 - 00087040 _____ () C:\windows\System32\pdfcmnnt.dll
2012-10-11 20:29 - 2012-12-01 07:49 - 00086888 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2010-11-11 12:42 - 2010-11-11 12:42 - 00202144 _____ () C:\Program Files (x86)\Lenovo\Onekey Theater\ActiveDetect64.dll
2010-11-11 12:44 - 2010-11-11 12:44 - 00156576 _____ () C:\Program Files (x86)\Lenovo\Onekey Theater\WindowsApiHookDll64.dll
2011-09-30 16:50 - 2011-09-30 16:50 - 00075136 _____ () C:\windows\SysWOW64\PnkBstrA.exe
2009-04-29 20:07 - 2009-04-29 20:07 - 00140288 _____ () C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\VsEvntUI.dll
2008-12-20 05:20 - 2011-08-21 01:49 - 00054088 _____ () C:\Program Files (x86)\Lenovo\Energy Management\HookLib.dll
2008-12-20 05:20 - 2011-08-21 01:49 - 00054088 _____ () C:\Program Files (x86)\Lenovo\Energy Management\kbdhook.dll
2011-04-14 05:01 - 2011-03-25 11:28 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2011-11-15 08:44 - 2007-09-02 14:58 - 00495616 _____ () C:\Program Files (x86)\RocketDock\RocketDock.exe
2013-05-22 20:50 - 2013-05-22 20:50 - 00400704 _____ () C:\Users\Michael\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe
2011-09-18 17:56 - 2011-09-18 17:56 - 00102912 _____ () C:\Program Files\Rainmeter\Rainmeter.exe
2011-09-18 17:56 - 2011-09-18 17:56 - 00869888 _____ () C:\Program Files\Rainmeter\Rainmeter.dll
2011-02-11 03:45 - 2011-02-11 03:45 - 00026112 _____ () C:\Program Files\Rainmeter\Plugins\InputText.dll
2011-09-18 17:56 - 2011-09-18 17:56 - 00166912 _____ () C:\Program Files\Rainmeter\Plugins\WebParser.dll
2013-02-13 04:37 - 2013-02-13 04:37 - 01263952 _____ () C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
2011-08-21 01:39 - 2011-08-21 01:39 - 00100256 _____ () C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeySupport.exe
2014-03-30 20:27 - 2014-03-30 20:27 - 00143360 _____ () C:\Program Files (x86)\Re-markit Corp\Re-markit158.exe
2014-03-30 20:27 - 2014-03-30 20:27 - 00077312 _____ () C:\Program Files (x86)\Re-markit Corp\Re-markit_wd.exe
2011-08-21 01:34 - 2011-08-21 01:34 - 01502720 _____ () C:\windows\system32\IcnOvrly.dll
2011-09-27 08:23 - 2011-09-27 08:23 - 00087912 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2011-09-27 08:22 - 2011-09-27 08:22 - 01242472 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2005-08-22 15:38 - 2005-08-22 15:38 - 03264512 _____ () C:\Program Files (x86)\McAfee\Common Framework\cryptocme2.dll
2009-01-16 16:00 - 2009-01-16 16:00 - 00057344 _____ () C:\Program Files (x86)\McAfee\Common Framework\boost_thread-vc71-mt-1_32.dll
2009-04-29 20:07 - 2009-04-29 20:07 - 00148816 _____ () C:\Program Files (x86)\McAfee\VirusScan Enterprise\VsEvntUI.dll
2010-11-11 12:38 - 2010-11-11 12:38 - 00161696 _____ () C:\Program Files (x86)\Lenovo\Onekey Theater\ActiveDetect32.dll
2010-11-11 12:39 - 2010-11-11 12:39 - 00133024 _____ () C:\Program Files (x86)\Lenovo\Onekey Theater\WindowsApiHookDll32.dll
2011-11-15 08:44 - 2007-09-02 14:57 - 00069632 _____ () C:\Program Files (x86)\RocketDock\RocketDock.dll
2013-02-13 04:38 - 2013-02-13 04:38 - 00100688 _____ () C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll
2014-03-30 20:27 - 2014-03-30 20:27 - 00133120 _____ () C:\Program Files (x86)\Re-markit Corp\Re-markit158.dll
2014-03-15 21:47 - 2014-03-15 02:50 - 00051016 _____ () C:\Users\Michael\AppData\Local\Google\Chrome\Application\33.0.1750.154\chrome_elf.dll
2014-03-15 21:47 - 2014-03-15 02:50 - 00716616 _____ () C:\Users\Michael\AppData\Local\Google\Chrome\Application\33.0.1750.154\libglesv2.dll
2014-03-15 21:47 - 2014-03-15 02:50 - 00100168 _____ () C:\Users\Michael\AppData\Local\Google\Chrome\Application\33.0.1750.154\libegl.dll
2014-03-15 21:47 - 2014-03-15 02:50 - 04061000 _____ () C:\Users\Michael\AppData\Local\Google\Chrome\Application\33.0.1750.154\pdf.dll
2014-03-15 21:47 - 2014-03-15 02:50 - 00394568 _____ () C:\Users\Michael\AppData\Local\Google\Chrome\Application\33.0.1750.154\ppGoogleNaClPluginChrome.dll
2014-03-15 21:47 - 2014-03-15 02:50 - 01647432 _____ () C:\Users\Michael\AppData\Local\Google\Chrome\Application\33.0.1750.154\ffmpegsumo.dll
2014-03-15 21:47 - 2014-03-15 02:50 - 13637448 _____ () C:\Users\Michael\AppData\Local\Google\Chrome\Application\33.0.1750.154\PepperFlash\pepflashplayer.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\McAfeeEngineService => ""="Service"

==================== Disabled items from MSCONFIG ==============

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Logitech Media Server-Taskleisten-Tool.lnk => C:\windows\pss\Logitech Media Server-Taskleisten-Tool.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Microtek Scanner Finder.lnk => C:\windows\pss\Microtek Scanner Finder.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^Michael^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk => C:\windows\pss\Dropbox.lnk.Startup
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: JunosPulse => C:\Program Files (x86)\Common Files\Juniper Networks\JamUI\Pulse.exe -tray
MSCONFIG\startupreg: Nikon Message Center 2 => C:\Program Files (x86)\Nikon\Nikon Message Center 2\NkMC2.exe -s
MSCONFIG\startupreg: PDFPrint => C:\Program Files (x86)\PDF24\pdf24.exe
MSCONFIG\startupreg: RemoteControl10 => "C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe"
MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: VeriFaceManager => C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe
MSCONFIG\startupreg: YouCam Mirage => "C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe"
MSCONFIG\startupreg: YouCam Tray => "C:\Program Files (x86)\Lenovo\YouCam\YouCam.exe" /s

==================== Faulty Device Manager Devices =============

Name: Broadcom Bluetooth 2.1 USB
Description: Broadcom Bluetooth 2.1 USB
Class Guid: {e0cbf06c-cd8b-4647-bb8a-263b43f0f974}
Manufacturer: Broadcom
Service: BTHUSB
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (03/30/2014 08:16:08 PM) (Source: Windows Backup) (User: )
Description: Die Sicherung wurde aufgrund eines Fehlers beim Schreiben am Sicherungsspeicherort "G:\" nicht abgeschlossen. Fehler: "Der Sicherungsort wurde nicht gefunden oder ist ungültig. Überprüfen Sie die Sicherungseinstellungen und den Sicherungsort. (0x81000006)"

Error: (03/30/2014 06:01:48 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 4150

Error: (03/30/2014 06:01:48 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 4150

Error: (03/30/2014 06:01:48 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (03/30/2014 06:01:47 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 2996

Error: (03/30/2014 06:01:47 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 2996

Error: (03/30/2014 06:01:47 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (03/30/2014 06:01:46 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1997

Error: (03/30/2014 06:01:46 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1997

Error: (03/30/2014 06:01:46 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second


System errors:
=============
Error: (03/30/2014 05:33:31 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1069

Error: (03/30/2014 05:33:31 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: 
%%1330

Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC).

Error: (03/30/2014 05:30:37 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "ASPI32" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (03/29/2014 00:23:36 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1069

Error: (03/29/2014 00:23:36 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: 
%%1330

Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC).

Error: (03/29/2014 00:20:12 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "ASPI32" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (03/29/2014 09:21:21 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1069

Error: (03/29/2014 09:21:21 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: 
%%1330

Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC).

Error: (03/29/2014 09:18:27 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "ASPI32" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (03/28/2014 06:36:48 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1069


Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
  Date: 2012-10-12 23:22:32.993
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Lenovo\Energy Management\BatteryTestDLL.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2012-10-12 23:22:32.973
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Lenovo\Onekey Theater\ActiveDetect64.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2012-10-12 23:22:32.943
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Lenovo\Energy Management\BatteryTestDLL.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2012-10-12 20:44:24.277
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Lenovo\Onekey Theater\ActiveDetect64.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2011-12-29 22:27:54.820
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Lenovo\Energy Management\BatteryTestDLL.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2011-12-29 22:27:54.810
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Lenovo\Onekey Theater\ActiveDetect64.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2011-12-29 22:27:54.796
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Lenovo\Energy Management\BatteryTestDLL.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2011-12-29 22:16:08.217
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Lenovo\Onekey Theater\ActiveDetect64.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2011-12-29 22:16:08.025
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\nvoptimusmft.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2011-12-29 22:15:28.275
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Lenovo\Energy Management\BatteryTestDLL.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.


==================== Memory info =========================== 

Percentage of memory in use: 35%
Total physical RAM: 8106.17 MB
Available physical RAM: 5265.7 MB
Total Pagefile: 16210.52 MB
Available Pagefile: 12572.3 MB
Total Virtual: 8192 MB
Available Virtual: 8191.8 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:654.69 GB) (Free:440.8 GB) NTFS
Drive d: (LENOVO) (Fixed) (Total:29 GB) (Free:0.02 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 699 GB) (Disk ID: DE6C27C7)

Partition: GPT Partition Type.

==================== End Of Log ============================

--- --- ---

vielen Dank für deine Unterstützung.

Gruß

sunjojo · 31.03.2014, 19:00

Schritt 1
Scan mit Combofix

WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link

WICHTIG: Speichere Combofix auf deinem Desktop.

Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.

Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.

Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!

Wenn Combofix fertig ist, wird es ein Logfile erstellen.

Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).

Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

Poste folgende Logfiles in deiner nächsten Antwort:

ComboFix-Scan

royc · 01.04.2014, 19:21

So, Combofix habe ich ausgeführt. Fehlermeldungen gab es keine. Allerdings wurde etwa 30mal das Program pev.3XE geschlossen mit der Mitteilung: pev.3XE funktioniert nicht mehr ... usw.

Hier die Datei ComboFix.txt

Combofix Logfile:

Code:

ATTFilter

ComboFix 14-03-24.01 - Michael 01.04.2014  19:54:57.1.8 - x64
Microsoft Windows 7 Professional   6.1.7601.1.1252.49.1031.18.8106.5653 [GMT 2:00]
ausgeführt von:: c:\users\Michael\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\program files (x86)\SupTab\SuPTab.dll
c:\programdata\z7_0ytr.pad
c:\users\Michael\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_deghekbbihbapplmbffglehkdhkeibbm_0.localstorage-journal
c:\users\Michael\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_deghekbbihbapplmbffglehkdhkeibbm_0.localstorage
c:\users\Michael\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_majjphhgppkndjjkmhhnbgafooenebhd_0.localstorage-journal
c:\users\Michael\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_majjphhgppkndjjkmhhnbgafooenebhd_0.localstorage
c:\users\Michael\AppData\Local\Google\Chrome\User Data\Default\Preferences
c:\users\Michael\AppData\Roaming\Microsoft\Windows\Recent\1300-8-14_R2009.mat
c:\users\Michael\AppData\Roaming\Microsoft\Windows\Recent\1300 - 8 -14 -10 - g - Hand.mat
c:\users\Michael\AppData\Roaming\Microsoft\Windows\Recent\1300_1 (2).mat
c:\users\Michael\AppData\Roaming\Microsoft\Windows\Recent\1300_1.mat
c:\users\Michael\AppData\Roaming\Microsoft\Windows\Recent\1300_1_mitNN.mat
c:\users\Michael\AppData\Roaming\Microsoft\Windows\Recent\demo.mat
c:\users\Michael\AppData\Roaming\Microsoft\Windows\Recent\lamAdata.mat
c:\users\Michael\AppData\Roaming\Microsoft\Windows\Recent\Luftaufwand.mat
c:\windows\s.bat
.
.
(((((((((((((((((((((((   Dateien erstellt von 2014-03-01 bis 2014-04-01  ))))))))))))))))))))))))))))))
.
.
2014-04-01 18:12 . 2014-04-01 18:12	--------	d-----w-	c:\users\UpdatusUser\AppData\Local\temp
2014-04-01 18:12 . 2014-04-01 18:12	--------	d-----w-	c:\users\Default\AppData\Local\temp
2014-04-01 17:55 . 2014-04-01 17:55	75888	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{9A9070A1-6041-4D2B-B0BB-9AC5188498DB}\offreg.dll
2014-04-01 17:43 . 2014-03-07 04:43	10521840	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{9A9070A1-6041-4D2B-B0BB-9AC5188498DB}\mpengine.dll
2014-03-30 19:03 . 2014-03-30 19:06	--------	d-----w-	C:\FRST
2014-03-30 18:30 . 2014-03-30 18:30	--------	d-----w-	c:\programdata\IePluginService
2014-03-30 18:30 . 2014-03-30 18:30	--------	d-----w-	c:\users\Michael\AppData\Roaming\SupTab
2014-03-30 18:30 . 2014-04-01 18:12	--------	d-----w-	c:\program files (x86)\SupTab
2014-03-30 18:30 . 2014-03-30 18:30	--------	d-----w-	c:\programdata\WPM
2014-03-30 18:29 . 2014-03-30 18:29	--------	d-----w-	c:\users\Michael\AppData\Roaming\webssearches
2014-03-30 18:28 . 2014-03-30 18:29	--------	d-----w-	c:\program files (x86)\MediaPlayerplus
2014-03-30 18:28 . 2014-03-30 18:29	--------	d-----w-	c:\program files (x86)\HQVid8
2014-03-30 18:28 . 2014-03-30 18:28	--------	d-----w-	c:\program files (x86)\Re-markit Corp
2014-03-13 18:35 . 2014-01-28 02:32	228864	----a-w-	c:\windows\system32\wwansvc.dll
2014-03-13 18:35 . 2014-02-07 01:23	3156480	----a-w-	c:\windows\system32\win32k.sys
2014-03-13 18:35 . 2014-01-29 02:32	484864	----a-w-	c:\windows\system32\wer.dll
2014-03-13 18:35 . 2014-01-29 02:06	381440	----a-w-	c:\windows\SysWow64\wer.dll
2014-03-13 18:35 . 2014-02-04 02:32	624128	----a-w-	c:\windows\system32\qedit.dll
2014-03-13 18:35 . 2014-02-04 02:04	509440	----a-w-	c:\windows\SysWow64\qedit.dll
2014-03-13 18:35 . 2014-02-04 02:32	1424384	----a-w-	c:\windows\system32\WindowsCodecs.dll
2014-03-13 18:35 . 2014-02-04 02:04	1230336	----a-w-	c:\windows\SysWow64\WindowsCodecs.dll
2014-03-04 11:20 . 2014-03-16 19:32	--------	d-----w-	C:\Scan
2014-03-04 11:18 . 2014-03-04 11:20	--------	d--h--w-	c:\programdata\CanonIJScan
2014-03-04 11:16 . 2014-03-04 11:18	--------	d-----w-	c:\users\Michael\AppData\Roaming\Canon
2014-03-04 11:16 . 2014-03-04 11:16	--------	d--h--w-	c:\programdata\CanonIJEGV
2014-03-04 11:14 . 2014-03-04 11:14	--------	d--h--w-	c:\programdata\CanonIJQuickMenu
2014-03-04 11:12 . 2012-03-26 04:00	392192	----a-w-	c:\windows\system32\CNMXLMB9.DLL
2014-03-04 11:11 . 2014-03-04 11:11	--------	d-----w-	c:\programdata\Canon IJ Network Tool
2014-03-04 11:11 . 2012-02-08 15:34	320000	----a-w-	c:\windows\SysWow64\CNC_B9L.dll
2014-03-04 11:11 . 2012-01-16 13:21	103424	----a-w-	c:\windows\SysWow64\CNC_B9U.dll
2014-03-04 11:11 . 2008-08-25 17:02	15872	----a-w-	c:\windows\SysWow64\CNHMCA.dll
2014-03-04 11:09 . 2014-03-04 11:09	--------	d-----w-	c:\program files\Common Files\CANON
2014-03-04 11:09 . 2014-03-04 11:09	--------	d-----w-	c:\programdata\CanonIJWSpt
2014-03-04 11:08 . 2014-03-04 11:08	--------	d-----w-	c:\program files\Canon
2014-03-04 11:07 . 2014-03-04 11:07	--------	d--h--w-	c:\programdata\CanonBJ
2014-03-04 11:07 . 2012-03-26 04:00	100352	----a-w-	c:\windows\system32\Spool\prtprocs\x64\CNMPPB9.DLL
2014-03-04 11:07 . 2012-03-26 04:00	30208	----a-w-	c:\windows\system32\Spool\prtprocs\x64\CNMPDB9.DLL
2014-03-04 11:07 . 2014-03-04 11:07	--------	d--h--w-	c:\windows\system32\CanonIJ Uninstaller Information
2014-03-04 11:06 . 2012-03-26 04:00	389120	----a-w-	c:\windows\system32\CNMLMB9.DLL
2014-03-04 11:05 . 2014-03-04 11:05	--------	d-----w-	c:\windows\system32\STRING
2014-03-04 11:05 . 2012-03-28 17:01	39424	----a-w-	c:\windows\system32\CNMN6UI.DLL
2014-03-04 11:05 . 2012-03-28 17:01	359936	----a-w-	c:\windows\system32\CNMN6PPM.DLL
2014-03-04 11:03 . 2014-03-04 11:16	--------	d-----w-	c:\program files (x86)\Canon
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-03-19 19:09 . 2011-09-27 19:14	90015360	----a-w-	c:\windows\system32\MRT.exe
2014-03-12 19:39 . 2012-04-13 21:26	692616	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2014-03-12 19:39 . 2011-09-27 16:17	71048	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-12-09 07:51 . 2012-03-27 14:57	1456640	----a-w-	c:\program files (x86)\Common Files\Falk Navi-Manager.msi
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{11111111-1111-1111-1111-110511311172}]
2014-03-30 18:29	495104	----a-w-	c:\program files (x86)\HQVid8\HQVid8-bho.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{11111111-1111-1111-1111-110511421146}]
2014-03-30 18:29	495104	----a-w-	c:\program files (x86)\MediaPlayerplus\MediaPlayerplus-bho.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2013-06-17 18:07	220632	----a-w-	c:\users\Michael\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2013-06-17 18:07	220632	----a-w-	c:\users\Michael\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2013-06-17 18:07	220632	----a-w-	c:\users\Michael\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09	131248	----a-w-	c:\users\Michael\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09	131248	----a-w-	c:\users\Michael\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09	131248	----a-w-	c:\users\Michael\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09	131248	----a-w-	c:\users\Michael\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RocketDock"="c:\program files (x86)\RocketDock\RocketDock.exe" [2007-09-02 495616]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2012-01-19 3477312]
"Akamai NetSession Interface"="c:\users\Michael\AppData\Local\Akamai\netsession_win.exe" [2013-06-04 4489472]
"KiesPreload"="c:\program files (x86)\Samsung\Kies\Kies.exe" [2013-11-06 1564528]
"AmazonMP3DownloaderHelper"="c:\users\Michael\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe" [2013-05-22 400704]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"UpdatePRCShortCut"="c:\program files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe" [2009-05-13 222504]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
"McAfeeUpdaterUI"="c:\program files (x86)\McAfee\Common Framework\udaterui.exe" [2009-01-16 136512]
"ShStatEXE"="c:\program files (x86)\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2009-04-29 124240]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240]
"ArcSoft Connection Service"="c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-27 207424]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]
"DivXMediaServer"="c:\program files (x86)\DivX\DivX Media Server\DivXMediaServer.exe" [2013-03-28 450560]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2013-02-13 1263952]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
"KiesTrayAgent"="c:\program files (x86)\Samsung\Kies\KiesTrayAgent.exe" [2013-11-06 311152]
"CanonQuickMenu"="c:\program files (x86)\Canon\Quick Menu\CNQMMAIN.EXE" [2012-04-03 1273448]
"IJNetworkScannerSelectorEX"="c:\program files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe" [2012-03-26 449168]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\Lenovo\Bluetooth Software\BTTray.exe [2011-2-15 1136928]
SRS Premium Sound.lnk - c:\program files\SRS Labs\SRS Premium Sound Control Panel\SRSPremiumPanel_64.exe /h [2010-12-17 1927528]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:\progra~2\SupTab\SearchProtect32.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer6"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\McAfeeEngineService]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 IePluginService;IePlugin Service;c:\programdata\IePluginService\PluginService.exe;c:\programdata\IePluginService\PluginService.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R2 Wpm;Wpm Service;c:\programdata\WPM\wprotectmanager.exe;c:\programdata\WPM\wprotectmanager.exe [x]
R3 BTWAMPFL;BTWAMPFL;c:\windows\system32\DRIVERS\btwampfl.sys;c:\windows\SYSNATIVE\DRIVERS\btwampfl.sys [x]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys;c:\windows\SYSNATIVE\DRIVERS\btwl2cap.sys [x]
R3 CH341SER_A64;CH341SER_A64;c:\windows\system32\Drivers\CH341S64.SYS;c:\windows\SYSNATIVE\Drivers\CH341S64.SYS [x]
R3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys;c:\windows\SYSNATIVE\DRIVERS\dc3d.sys [x]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssudbus.sys [x]
R3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys;c:\windows\SYSNATIVE\drivers\dgderdrv.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 jnprna;Juniper Network Agent Miniport;c:\windows\system32\DRIVERS\jnprna6.sys;c:\windows\SYSNATIVE\DRIVERS\jnprna6.sys [x]
R3 jnprva;Juniper Networks Virtual Adapter Service;c:\windows\system32\DRIVERS\jnprva.sys;c:\windows\SYSNATIVE\DRIVERS\jnprva.sys [x]
R3 JnprVaMgr;Juniper Networks Virtual Adapter Manager Service;c:\windows\system32\DRIVERS\jnprvamgr.sys;c:\windows\SYSNATIVE\DRIVERS\jnprvamgr.sys [x]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys;c:\windows\SYSNATIVE\drivers\mferkdet.sys [x]
R3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys;c:\windows\SYSNATIVE\DRIVERS\point64.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssudmdm.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 vpcuxd;USB-Virtualisierungsstubdienst;c:\windows\system32\DRIVERS\vpcuxd.sys;c:\windows\SYSNATIVE\DRIVERS\vpcuxd.sys [x]
R3 wsvd;wsvd;c:\windows\system32\DRIVERS\wsvd.sys;c:\windows\SYSNATIVE\DRIVERS\wsvd.sys [x]
S0 fbfmon;fbfmon;c:\windows\system32\drivers\fbfmon.sys;c:\windows\SYSNATIVE\drivers\fbfmon.sys [x]
S0 LHDmgr;LHDmgr;c:\windows\System32\DRIVERS\LhdX64.sys;c:\windows\SYSNATIVE\DRIVERS\LhdX64.sys [x]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys;c:\windows\SYSNATIVE\DRIVERS\nvpciflt.sys [x]
S1 BPntDrv;BPntDrv;c:\windows\system32\drivers\BPntDrv.sys;c:\windows\SYSNATIVE\drivers\BPntDrv.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S2 McAfeeEngineService;McAfee Engine Service;c:\program files (x86)\McAfee\VirusScan Enterprise\x64\EngineServer.exe;c:\program files (x86)\McAfee\VirusScan Enterprise\x64\EngineServer.exe [x]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe;c:\windows\SYSNATIVE\mfevtps.exe [x]
S2 Re-markit;Re-markit;c:\program files (x86)\Re-markit Corp\Re-markit158.exe;c:\program files (x86)\Re-markit Corp\Re-markit158.exe [x]
S2 RtLedService;RtLedService Installer;c:\program files\Realtek\RtLED\RtLEDService.exe;c:\program files\Realtek\RtLED\RtLEDService.exe [x]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S3 ACPIVPC;Lenovo Virtual Power Controller Driver;c:\windows\system32\DRIVERS\AcpiVpc.sys;c:\windows\SYSNATIVE\DRIVERS\AcpiVpc.sys [x]
S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys;c:\windows\SYSNATIVE\DRIVERS\clwvd.sys [x]
S3 IntcDAud;Intel(R) Display-Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUVStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUVStor.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 rtsuvc;Lenovo EasyCamera;c:\windows\system32\DRIVERS\rtsuvc.sys;c:\windows\SYSNATIVE\DRIVERS\rtsuvc.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
Inhalt des "geplante Tasks" Ordners
.
2014-04-01 c:\windows\Tasks\1d58acf1-29e5-4c8e-a536-e04dd320ab01-1.job
- c:\program files (x86)\MediaPlayerplus\MediaPlayerplus-codedownloader.exe [2014-03-30 18:29]
.
2014-04-01 c:\windows\Tasks\1d58acf1-29e5-4c8e-a536-e04dd320ab01-2.job
- c:\program files (x86)\MediaPlayerplus\1d58acf1-29e5-4c8e-a536-e04dd320ab01-2.exe [2014-03-30 18:29]
.
2014-04-01 c:\windows\Tasks\1d58acf1-29e5-4c8e-a536-e04dd320ab01-3.job
- c:\program files (x86)\MediaPlayerplus\1d58acf1-29e5-4c8e-a536-e04dd320ab01-3.exe [2014-03-30 18:28]
.
2014-04-01 c:\windows\Tasks\1d58acf1-29e5-4c8e-a536-e04dd320ab01-4.job
- c:\program files (x86)\MediaPlayerplus\1d58acf1-29e5-4c8e-a536-e04dd320ab01-4.exe [2014-03-30 18:28]
.
2014-04-01 c:\windows\Tasks\1d58acf1-29e5-4c8e-a536-e04dd320ab01-5.job
- c:\program files (x86)\MediaPlayerplus\1d58acf1-29e5-4c8e-a536-e04dd320ab01-5.exe [2014-03-30 18:29]
.
2014-04-01 c:\windows\Tasks\9b0b99bf-8395-4071-85ce-258ecccd2e05-1.job
- c:\program files (x86)\HQVid8\HQVid8-codedownloader.exe [2014-03-30 18:29]
.
2014-04-01 c:\windows\Tasks\9b0b99bf-8395-4071-85ce-258ecccd2e05-2.job
- c:\program files (x86)\HQVid8\9b0b99bf-8395-4071-85ce-258ecccd2e05-2.exe [2014-03-30 18:29]
.
2014-04-01 c:\windows\Tasks\9b0b99bf-8395-4071-85ce-258ecccd2e05-3.job
- c:\program files (x86)\HQVid8\9b0b99bf-8395-4071-85ce-258ecccd2e05-3.exe [2014-03-30 18:28]
.
2014-04-01 c:\windows\Tasks\9b0b99bf-8395-4071-85ce-258ecccd2e05-4.job
- c:\program files (x86)\HQVid8\9b0b99bf-8395-4071-85ce-258ecccd2e05-4.exe [2014-03-30 18:28]
.
2014-04-01 c:\windows\Tasks\9b0b99bf-8395-4071-85ce-258ecccd2e05-5.job
- c:\program files (x86)\HQVid8\9b0b99bf-8395-4071-85ce-258ecccd2e05-5.exe [2014-03-30 18:29]
.
2014-04-01 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-13 19:39]
.
2014-04-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-20 23:43]
.
2014-04-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-20 23:43]
.
2014-03-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-977804215-3240316584-965802034-1002Core.job
- c:\users\Michael\AppData\Local\Google\Update\GoogleUpdate.exe [2012-03-12 09:25]
.
2014-04-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-977804215-3240316584-965802034-1002UA.job
- c:\users\Michael\AppData\Local\Google\Update\GoogleUpdate.exe [2012-03-12 09:25]
.
2014-04-01 c:\windows\Tasks\Re-markit Update.job
- c:\program files (x86)\Re-markit Corp\ReMar.exe [2014-03-30 18:27]
.
2014-04-01 c:\windows\Tasks\Re-markit_wd.job
- c:\program files (x86)\Re-markit Corp\Re-markit_wd.exe [2014-03-30 18:27]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{11111111-1111-1111-1111-110511311172}]
2014-03-30 18:29	660992	----a-w-	c:\program files (x86)\HQVid8\HQVid8-bho64.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{11111111-1111-1111-1111-110511421146}]
2014-03-30 18:29	660992	----a-w-	c:\program files (x86)\MediaPlayerplus\MediaPlayerplus-bho64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2013-06-17 18:07	244696	----a-w-	c:\users\Michael\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2013-06-17 18:07	244696	----a-w-	c:\users\Michael\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2013-06-17 18:07	244696	----a-w-	c:\users\Michael\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09	164016	----a-w-	c:\users\Michael\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09	164016	----a-w-	c:\users\Michael\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09	164016	----a-w-	c:\users\Michael\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09	164016	----a-w-	c:\users\Michael\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\VeriFace Enc]
@="{771C7324-DA80-49D3-8017-753B0AF60951}"
[HKEY_CLASSES_ROOT\CLSID\{771C7324-DA80-49D3-8017-753B0AF60951}]
2011-08-20 23:34	1502720	----a-w-	c:\windows\System32\IcnOvrly.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-12-14 11697768]
"Lenovo EE Boot Optimizer"="c:\program files (x86)\Lenovo\Boot Optimizer\PopWnd.exe" [2011-08-20 114688]
"OnekeyStudio"="c:\program files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe" [2011-08-20 789920]
"UpdatePRCShortCut"="c:\program files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe" [2009-05-13 222504]
"Energy Management"="c:\program files (x86)\Lenovo\Energy Management\Energy Management.exe" [2011-08-20 9769888]
"EnergyUtility"="c:\program files (x86)\Lenovo\Energy Management\Utility.exe" [2011-08-20 5908928]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 2417032]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 660360]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-10-10 171040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-10-10 399392]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-10-10 441888]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\progra~2\SupTab\SearchProtect64.dll
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://istart.webssearches.com/?type=hp&ts=1396204090&from=tugs&uid=WDCXWD7500BPVT-24HXZT1_WD-WXA1E51YE810YE810
uLocal Page = c:\windows\system32\blank.htm
mDefault_Search_URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1396204090&from=tugs&uid=WDCXWD7500BPVT-24HXZT1_WD-WXA1E51YE810YE810&q={searchTerms}
mDefault_Page_URL = hxxp://istart.webssearches.com/?type=hp&ts=1396204090&from=tugs&uid=WDCXWD7500BPVT-24HXZT1_WD-WXA1E51YE810YE810
mStart Page = hxxp://istart.webssearches.com/?type=hp&ts=1396204090&from=tugs&uid=WDCXWD7500BPVT-24HXZT1_WD-WXA1E51YE810YE810
mLocal Page = c:\windows\SysWOW64\blank.htm
mSearch Page = hxxp://istart.webssearches.com/web/?type=ds&ts=1396204090&from=tugs&uid=WDCXWD7500BPVT-24HXZT1_WD-WXA1E51YE810YE810&q={searchTerms}
uInternet Settings,ProxyOverride = *.local;<local>
uInternet Settings,ProxyServer = http=127.0.0.1:13828
IE: An OneNote s&enden - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: Bild an &Bluetooth-Gerät senden... - c:\program files\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm
IE: Free YouTube Download - c:\users\Michael\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm
IE: Free YouTube to MP3 Converter - c:\users\Michael\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
IE: Nach Microsoft E&xcel exportieren - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Seite an &Bluetooth-Gerät senden... - c:\program files\Lenovo\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\wdhq29yd.default\
FF - prefs.js: browser.search.selectedEngine - webssearches
FF - prefs.js: browser.startup.homepage - hxxp://istart.webssearches.com/?type=hp&ts=1396204090&from=tugs&uid=WDCXWD7500BPVT-24HXZT1_WD-WXA1E51YE810YE810
FF - user.js: extensions.autoDisableScopes - 0
FF - user.js: extensions.shownSelectionUI - true
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
BHO-{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} - c:\program files (x86)\SupTab\SupTab.dll
Toolbar-Locked - (no file)
Wow6432Node-HKCU-Run-KiesAirMessage - c:\program files (x86)\Samsung\Kies\KiesAirMessage.exe
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
Toolbar-Locked - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_77_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_77_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_12_0_0_77_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_12_0_0_77_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.12"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Network Associates]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows CE Services]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2014-04-01  20:15:58
ComboFix-quarantined-files.txt  2014-04-01 18:15
.
Vor Suchlauf: 24 Verzeichnis(se), 488.313.073.664 Bytes frei
Nach Suchlauf: 30 Verzeichnis(se), 488.327.745.536 Bytes frei
.
- - End Of File - - 239FB14BC3BF57C8969DBE784F4D2056

--- --- ---

Gruß,
Roy

sunjojo · 01.04.2014, 21:59

Alles klar, dann gehts so weiter:

Schritt 1
Downloade Dir bitte

AdwCleaner auf deinen Desktop.

Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
Starte die AdwCleaner.exe mit einem Doppelklick.
Stimme den Nutzungsbedingungen zu.
Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
- "Tracing" Schlüssel löschen
- Winsock Einstellungen zurücksetzen
- Proxy Einstellungen zurücksetzen
- Internet Explorer Richtlinien zurücksetzen
- Chrome Richtlinien zurücksetzen
- Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Schritt 2

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
Drücke eine beliebige Taste, um das Tool zu starten.
Je nach System kann der Scan eine Weile dauern.
Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.

Schritt 3
Starte noch einmal FRST.

Ändere keine der Voreinstellungen und drücke auf Scan.
Wenn der Scan abgeschlossen ist, wird ein neues Logfile FRST.txt erstellt und auf dem Desktop gespeichert.
Poste den Inhalt dieses Logfiles bitte hier in deinen Thread.

Poste folgende Logfiles in deiner nächsten Antwort:

AdwCleaner-Scan
JRT-Scan
FRST-Scan

royc · 02.04.2014, 19:06

So, weiter gehts:

AdwCleaner Logfile:

Code:

ATTFilter

# AdwCleaner v3.023 - Bericht erstellt am 02/04/2014 um 19:14:05
# Aktualisiert 01/04/2014 von Xplode
# Betriebssystem : Windows 7 Professional Service Pack 1 (64 bits)
# Benutzername : Michael - MICHAEL-LENOVO
# Gestartet von : C:\Users\Michael\Desktop\adwcleaner.exe
# Option : Löschen

***** [ Dienste ] *****

Dienst Gelöscht : IePluginService
Dienst Gelöscht : Re-markit
Dienst Gelöscht : Wpm

***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\ProgramData\IePluginService
Ordner Gelöscht : C:\ProgramData\WPM
Ordner Gelöscht : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\myfree codec
Ordner Gelöscht : C:\Program Files (x86)\myfree codec
Ordner Gelöscht : C:\Program Files (x86)\SupTab
Ordner Gelöscht : C:\Program Files (x86)\Common Files\DVDVideoSoft\TB
Ordner Gelöscht : C:\Users\Michael\AppData\LocalLow\boost_interprocess
Ordner Gelöscht : C:\Users\Michael\AppData\Roaming\DesktopIconForAmazon
Ordner Gelöscht : C:\Users\Michael\AppData\Roaming\dvdvideosoftiehelpers
Ordner Gelöscht : C:\Users\Michael\AppData\Roaming\SupTab
Ordner Gelöscht : C:\Users\Michael\AppData\Roaming\webssearches
Ordner Gelöscht : C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\wdhq29yd.default\Extensions\quick_start@gmail.com
Ordner Gelöscht : C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma
Datei Gelöscht : C:\END
Datei Gelöscht : C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\wdhq29yd.default\searchplugins\11-suche.xml
Datei Gelöscht : C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\wdhq29yd.default\user.js
Datei Gelöscht : C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.softonic.de_0.localstorage
Datei Gelöscht : C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.softonic.de_0.localstorage-journal
Datei Gelöscht : C:\windows\Tasks\Re-markit Update.job
Datei Gelöscht : C:\windows\System32\Tasks\Re-markit Update

***** [ Verknüpfungen ] *****

Verknüpfung Desinfiziert : C:\Users\Michael\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
Verknüpfung Desinfiziert : C:\Users\Michael\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk
Verknüpfung Desinfiziert : C:\Users\Michael\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Google Chrome.lnk
Verknüpfung Desinfiziert : C:\Users\Michael\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Mozilla Firefox.lnk

***** [ Registrierungsdatenbank ] *****

Wert Gelöscht : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [quick_start@gmail.com]
Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\secman.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\driverscanner
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\speedupmypc
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CrossriderApp0053172.BHO
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CrossriderApp0053172.BHO.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CrossriderApp0053172.Sandbox
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CrossriderApp0053172.Sandbox.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CrossriderApp0054246.BHO
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CrossriderApp0054246.BHO.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CrossriderApp0054246.Sandbox
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CrossriderApp0054246.Sandbox.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_jdownloader (1)_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_jdownloader (1)_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{00000001-4FEF-40D3-B3FA-E0531B897F98}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{35B8892D-C3FB-4D88-990D-31DB2EBD72BD}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{5C3B5DAA-0AFF-4808-90FB-0F2F2D760E36}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{64697678-0000-0010-8000-00AA00389B71}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{FD501041-8EBE-11CE-8183-00AA00577DA2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110511311172}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110511421146}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220522312272}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220522422246}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550555315572}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550555425546}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660566316672}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660566426646}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{93E3D79C-0786-48FF-9329-93BC9F6DC2B3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{44444444-4444-4444-4444-440544314472}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{44444444-4444-4444-4444-440544424446}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110511311172}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110511421146}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110511311172}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110511421146}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110511311172}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110511421146}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220522312272}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220522422246}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550555315572}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550555425546}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660566316672}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660566426646}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110511311172}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110511421146}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Daten Wiederhergestellt : HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\Google Chrome\shell\open\command
Daten Wiederhergestellt : HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command
Schlüssel Gelöscht : HKCU\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\installedbrowserextensions
Schlüssel Gelöscht : HKCU\Software\Myfree Codec
Schlüssel Gelöscht : HKCU\Software\OCS
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Crossrider
Schlüssel Gelöscht : HKLM\Software\installedbrowserextensions
Schlüssel Gelöscht : HKLM\Software\Myfree Codec
Schlüssel Gelöscht : HKLM\Software\supTab
Schlüssel Gelöscht : HKLM\Software\supWPM
Schlüssel Gelöscht : HKLM\Software\Uniblue
Schlüssel Gelöscht : HKLM\Software\webssearchesSoftware
Schlüssel Gelöscht : HKLM\Software\Wpm
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\MyFreeCodec
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\DivX\Install\Setup\WizardLayout\ConduitToolbar
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\installedbrowserextensions

***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.16521

Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL]
Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL]
Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]
Einstellung Wiederhergestellt : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]

-\\ Mozilla Firefox v27.0.1 (de)

[ Datei : C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\wdhq29yd.default\prefs.js ]

Zeile gelöscht : user_pref("browser.startup.homepage", "hxxp://istart.webssearches.com/?type=hp&ts=1396458138&from=tugs&uid=WDCXWD7500BPVT-24HXZT1_WD-WXA1E51YE810YE810");
Zeile gelöscht : user_pref("extensions.crossrider.bic", "1451eb23e88ea2ce9084f613992dab6a");
Zeile gelöscht : user_pref("extensions.ntk.HISTORY", "[{\"title\":\"Google\",\"icon\":{\"spec\":\"moz-anno:favicon:hxxp://www.google.de/favicon.ico\"},\"uri\":\"hxxp://www.google.de/\",\"accessCount\":14,\"time\":1354[...]
Zeile gelöscht : user_pref("extensions.ntk.blacklist", "hxxp://gmail.com;hxxp://www.facebook.com/?ref=home;hxxps://mail.google.com/mail/?shva=1#inbox;hxxp://de-de.facebook.com/;hxxp://google.de/;hxxp://chip.de/;hxxps:[...]

-\\ Google Chrome v

[ Datei : C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Gelöscht : search_url

*************************

AdwCleaner[R0].txt - [13617 octets] - [02/04/2014 19:13:10]
AdwCleaner[S0].txt - [11670 octets] - [02/04/2014 19:14:05]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [11731 octets] ##########

--- --- ---

und

JRT Logfile:

Code:

ATTFilter

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.3 (03.23.2014:1)
OS: Windows 7 Professional x64
Ran by Michael on 02.04.2014 at 19:20:57,33
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders

Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{0333C901-ECE3-4E97-A17F-53BE64019120}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{13EF6B17-2A28-4597-8A86-D02804F68BC3}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{20CBCE96-22A2-458B-A0E7-AD0721518AFE}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{4100F975-C4C7-4FAB-9501-F24972D82BD4}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{4644C170-1209-4900-BB19-3A45E65463F4}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{601016E6-B19B-46AF-845D-D3CF596C4B0C}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{B35296C8-9397-49C6-818F-97B693A527BC}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{BB1127F9-BAE9-4BE9-83A5-EA7C6C0C0351}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{CC3E50CC-9F9A-4A69-86F7-3F8304244C53}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{DF84242B-27F4-4FEB-82B5-0A2801899275}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{E37FE62C-486C-4FB9-90B7-D7B811E5C2E1}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{ED69ED79-1407-45BE-A515-0B35571D3599}



~~~ FireFox

Successfully deleted: [Folder] C:\Users\Michael\AppData\Roaming\mozilla\firefox\profiles\wdhq29yd.default\extensions\{ef522540-89f5-46b9-b6fe-1829e2b572c6}
Emptied folder: C:\Users\Michael\AppData\Roaming\mozilla\firefox\profiles\wdhq29yd.default\minidumps [23 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 02.04.2014 at 19:27:20,05
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

--- --- ---

und

FRST Logfile:

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014
Ran by Michael (administrator) on MICHAEL-LENOVO on 02-04-2014 20:03:27
Running from C:\Users\Michael\Desktop
Windows 7 Professional Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\windows\system32\nvvsvc.exe
(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
() C:\Program Files (x86)\Re-markit Corp\Re-markit_wd.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe
(Juniper Networks) C:\Program Files (x86)\Juniper Networks\Common Files\dsNcService.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\EngineServer.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\VirusScan Enterprise\VsTskMgr.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe
(Lenovo (Beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\ipoint.exe
(Microsoft Corporation) C:\Windows\WindowsMobile\wmdc.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(McAfee, Inc.) C:\windows\system32\mfevtps.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\Common Framework\naPrdMgr.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
() C:\Program Files (x86)\RocketDock\RocketDock.exe
() C:\windows\SysWOW64\PnkBstrA.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
() C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeySupport.exe
(CyberLink) C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\McShield.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\mfeann.exe
(Akamai Technologies, Inc.) C:\Users\Michael\AppData\Local\Akamai\netsession_win.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Samsung) C:\Program Files (x86)\Samsung\Kies\Kies.exe
() C:\Users\Michael\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\Common Framework\UdaterUI.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\VirusScan Enterprise\shstat.exe
(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
() C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe
(Akamai Technologies, Inc.) C:\Users\Michael\AppData\Local\Akamai\netsession_win.exe
(CANON INC.) C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
(Don HO don.h@free.fr) C:\Program Files (x86)\Notepad++\notepad++.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\VirusScan Enterprise\mcconsol.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Realtek Semiconductor Corp.) C:\Program Files\Realtek\RtLED\RtLEDService.exe
(Realtek Semiconductor Corp.) C:\Program Files\Realtek\RtLED\RtLED.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Google Inc.) C:\Users\Michael\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Michael\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Michael\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Michael\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Michael\AppData\Local\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11697768 2010-12-14] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2538280 2010-12-22] (Synaptics Incorporated)
HKLM\...\Run: [Lenovo EE Boot Optimizer] - C:\Program Files (x86)\Lenovo\Boot Optimizer\PopWnd.exe [114688 2011-08-21] (Lenovo)
HKLM\...\Run: [OnekeyStudio] - C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe [789920 2011-08-21] (Lenovo)
HKLM\...\Run: [UpdatePRCShortCut] - C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe [222504 2009-05-13] (CyberLink Corp.)
HKLM\...\Run: [Energy Management] - C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [9769888 2011-08-21] (Lenovo (Beijing) Limited)
HKLM\...\Run: [EnergyUtility] - C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe [5908928 2011-08-21] (Lenovo(beijing) Limited)
HKLM\...\Run: [IntelliPoint] - c:\Program Files\Microsoft IntelliPoint\ipoint.exe [2417032 2011-08-01] (Microsoft Corporation)
HKLM\...\Run: [Windows Mobile Device Center] - C:\Windows\WindowsMobile\wmdc.exe [660360 2007-05-31] (Microsoft Corporation)
HKLM-x32\...\Run: [UpdatePRCShortCut] - C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe [222504 2009-05-13] (CyberLink Corp.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [McAfeeUpdaterUI] - C:\Program Files (x86)\McAfee\Common Framework\udaterui.exe [136512 2009-01-16] (McAfee, Inc.)
HKLM-x32\...\Run: [ShStatEXE] - C:\Program Files (x86)\McAfee\VirusScan Enterprise\SHSTAT.EXE [124240 2009-04-29] (McAfee, Inc.)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59240 2012-02-20] (Apple Inc.)
HKLM-x32\...\Run: [ArcSoft Connection Service] - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [207424 2010-10-27] (ArcSoft Inc.)
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2010-11-29] (Apple Inc.)
HKLM-x32\...\Run: [DivXMediaServer] - C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [450560 2013-03-28] (DivX, LLC)
HKLM-x32\...\Run: [DivXUpdate] - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1263952 2013-02-13] ()
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
HKLM-x32\...\Run: [KiesTrayAgent] - C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [311152 2013-11-06] (Samsung Electronics Co., Ltd.)
HKLM-x32\...\Run: [CanonQuickMenu] - C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE [1273448 2012-04-03] (CANON INC.)
HKLM-x32\...\Run: [IJNetworkScannerSelectorEX] - C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [449168 2012-03-26] (CANON INC.)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-977804215-3240316584-965802034-1002\...\Run: [RocketDock] - C:\Program Files (x86)\RocketDock\RocketDock.exe [495616 2007-09-02] ()
HKU\S-1-5-21-977804215-3240316584-965802034-1002\...\Run: [DAEMON Tools Lite] - C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3477312 2012-01-19] (DT Soft Ltd)
HKU\S-1-5-21-977804215-3240316584-965802034-1002\...\Run: [Akamai NetSession Interface] - C:\Users\Michael\AppData\Local\Akamai\netsession_win.exe [4489472 2013-06-05] (Akamai Technologies, Inc.)
HKU\S-1-5-21-977804215-3240316584-965802034-1002\...\Run: [KiesPreload] - C:\Program Files (x86)\Samsung\Kies\Kies.exe [1564528 2013-11-06] (Samsung)
HKU\S-1-5-21-977804215-3240316584-965802034-1002\...\Run: [AmazonMP3DownloaderHelper] - C:\Users\Michael\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe [400704 2013-05-22] ()
AppInit_DLLs: C:\PROGRA~2\SupTab\SEARCH~2.DLL => C:\PROGRA~2\SupTab\SEARCH~2.DLL File Not Found
AppInit_DLLs-x32: C:\PROGRA~2\SupTab\SEARCH~1.DLL => "C:\PROGRA~2\SupTab\SEARCH~1.DLL" File Not Found
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com/
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com/
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = 
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKCU - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7LENN
BHO: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\addon64\ewpexbho.dll (CANON INC.)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\scriptsn.dll (McAfee, Inc.)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: ExplorerWatcher Class - {F8A6CAA2-533D-4AED-9E05-8EB19A4021AB} - C:\Program Files (x86)\Clover\TabHelper64.dll (EJIE Technology)
BHO-x32: DivX Plus Web Player HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
BHO-x32: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\McAfee\VirusScan Enterprise\scriptsn.dll (McAfee, Inc.)
BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\addon64\ewpexhlp.dll (CANON INC.)
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
DPF: HKLM {AA570693-00E2-4907-B6F1-60A1199B030C} https://juniper.net/dana-cached/sc/JuniperSetupClient64.cab
DPF: HKLM-x32 {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://juniper.net/dana-cached/sc/JuniperSetupClient.cab
Handler: fluxhttp\0x00000007 - {8E2D00A0-82C6-4821-90BC-07F290841BB6} -  No File
Handler: x-owacid - {0215258f-f0a8-49de-bf1b-0ff02eda8807} -  No File
Handler-x32: fluxhttp\0x00000007 - {8E2D00A0-82C6-4821-90BC-07F290841BB6} - C:\Program Files (x86)\Common Files\fluxDVD\Lib\XEB\xebnavigation.ax (ACE GmbH)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Handler-x32: x-owacid - {0215258f-f0a8-49de-bf1b-0ff02eda8807} - C:\Program Files (x86)\Microsoft\Outlook Web Access SMIME Client\mimectl.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\wdhq29yd.default
FF NewTab: chrome://quick_start/content/index.html
FF DefaultSearchEngine: webssearches
FF SelectedSearchEngine: webssearches
FF NetworkProxy: "autoconfig_url", "data:text/javascript,function%20FindProxyForURL(url%2C%20host)%20%7Bif%20(shExpMatch(url%2C%20'http%3A%2F%2Fwww.last.fm*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fext.last.fm*')%20%7C%7C%20url.indexOf('play.google.com')%20!%3D%20-1%20%7C%7C%20(url.indexOf('youtube.com%2Fvideoplayback')%20!%3D%20-1%20%26%26%20url.indexOf('%26gcr%3Dus')%20!%3D%20-1%20%26%26%20url.indexOf('%26ptchn')%20!%3D%20-1)%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fpiki.fm*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fpiki.fm*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fsongza.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fnew.songza.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fplay.spotify.com*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fplay.spotify.com*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fwww.spotify.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.spotify.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.rdio.com*')%20%7C%7C%20url.indexOf('southparkstudios.com')%20!%3D%20-1%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fwww.daisuki.net*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.crunchyroll.com*')%20%7C%7C%20url.indexOf('discoverymedia.com')%20!%3D%20-1%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fdsc.discovery.com%2F*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.mtv.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fmedia.mtvnservices.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fgrooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fretro.grooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fhtml5.grooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Flisten.grooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.grooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fpreview.grooveshark.com*')%20%7C%7C%20url.indexOf('vevo.com')%20!%3D%20-1%20%7C%7C%20host%20%3D%3D%20'www.pandora.com'%20%7C%7C%20host%20%3D%3D%20's.hulu.com'%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.funimation.com*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fsecure.funimation.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.iheart.com*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Faccount.beatsmusic.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.beatsmusic.com*')%20%7C%7C%20(url.indexOf('proxmate%3Dactive')%20!%3D%20-1%20%26%26%20url.indexOf('amazonaws.com')%20%3D%3D%20-1)%20%7C%7C%20(url.indexOf('proxmate%3Dus')%20!%3D%20-1))%20%7B%20return%20'PROXY%20nq-us09.personalitycores.com%3A8000%3B%20PROXY%20nq-us12.personalitycores.com%3A8000%3B%20PROXY%20nq-us11.personalitycores.com%3A8000%3B%20PROXY%20nq-us10.personalitycores.com%3A8000%3B%20PROXY%20nq-us07.personalitycores.com%3A8000%3B%20PROXY%20nq-us05.personalitycores.com%3A8000%3B%20PROXY%20nq-us06.personalitycores.com%3A8000%3B%20PROXY%20nq-us04.personalitycores.com%3A8000%3B%20PROXY%20nq-us08.personalitycores.com%3A8000'%3B%7D%20%20else%20%7B%20return%20'DIRECT'%3B%20%7D%7D"
FF Plugin: @adobe.com/FlashPlayer - C:\windows\system32\Macromed\Flash\NPSWF64_12_0_0_77.dll ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin: @java.com/DTPlugin,version=10.13.2 - C:\windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.13.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\windows\SysWOW64\Adobe\Director\np32dsw_1209149.dll (Adobe Systems, Inc.)
FF Plugin-x32: @divx.com/DivX Plus Web Player Plug-In,version=1.0.0 - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: @fluxdvd.com/NPWMDRMWrapper - C:\Program Files (x86)\Videoload Manager\NPWMDRMWrapper.dll ( )
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 - C:\windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @protectdisc.com/NPMPDRM - C:\Program Files (x86)\Common Files\mpDRM\NPMPDRM.dll ( )
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.2 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Michael\AppData\Local\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Michael\AppData\Local\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\Michael\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin HKCU: amazon.com/AmazonMP3DownloaderPlugin - C:\Users\Michael\AppData\Local\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10181.dll (Amazon.com, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.)
FF SearchPlugin: C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\wdhq29yd.default\searchplugins\englische-ergebnisse.xml
FF SearchPlugin: C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\wdhq29yd.default\searchplugins\gmx-suche.xml
FF SearchPlugin: C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\wdhq29yd.default\searchplugins\lastminute.xml
FF SearchPlugin: C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\wdhq29yd.default\searchplugins\webde-suche.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\webssearches.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: 20-20 3D Viewer - C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\wdhq29yd.default\Extensions\2020Player@2020Technologies.com [2011-09-27]
FF Extension: MediaPlayerplus - C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\wdhq29yd.default\Extensions\a9719e64-232b-4695-ae9c-a89cd7f2aa84@ca1279df-bc0d-44a8-97ef-19301c922b68.com [2014-03-30]
FF Extension: HQVid8 - C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\wdhq29yd.default\Extensions\ee5ad154-f909-4cc0-aa51-d7e94e3fb0af@36204afd-f43e-4917-9c71-8384e2e4d3ad.com [2014-03-30]
FF Extension: Illimitux - C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\wdhq29yd.default\Extensions\illimitux@illimitux.net [2011-09-27]
FF Extension: Noia 2.0 (eXtreme) - C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\wdhq29yd.default\Extensions\{9f08cb5a-76b1-4bcf-aff9-90e1a5d60b1e} [2011-09-27]
FF Extension: New Tab King - C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\wdhq29yd.default\Extensions\{FC5BAC7D-D696-4ba6-B913-CF8F000C33DF} [2013-02-06]
FF Extension: gui:config - C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\wdhq29yd.default\Extensions\guiconfig@slosd.net.xpi [2011-09-27]
FF Extension: ProxMate - Proxy on steroids! - C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\wdhq29yd.default\Extensions\jid1-QpHD8URtZWJC2A@jetpack.xpi [2012-02-25]
FF Extension: Personas Plus - C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\wdhq29yd.default\Extensions\personas@christopher.beard.xpi [2013-03-12]
FF Extension: DVDVideoSoft YouTube MP3 and Video Download - C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\wdhq29yd.default\Extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi [2012-11-24]
FF Extension: Fasterfox - C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\wdhq29yd.default\Extensions\{c36177c0-224a-11da-8cd6-0800200c9a91}.xpi [2012-02-05]
FF Extension: Adblock Plus - C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\wdhq29yd.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2011-09-27]
FF Extension: DownThemAll! - C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\wdhq29yd.default\Extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi [2011-09-27]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2014-02-20]
FF HKLM-x32\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF Extension: DivX Plus Web Player HTML5 &lt;video&gt; - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2013-07-03]
FF HKCU\...\Firefox\Extensions: [{5ae66703-77f8-4623-8c81-9ba769053c03}] - C:\Program Files (x86)\Re-markit Corp\158.xpi
FF Extension: Re-markit - C:\Program Files (x86)\Re-markit Corp\158.xpi [2014-03-30]

Chrome: 
=======
CHR DefaultSearchKeyword: webssearches
CHR DefaultSearchProvider: webssearches
CHR DefaultSearchURL: hxxp://istart.webssearches.com/web/?type=ds&ts=1396373751&from=tugs&uid=WDCXWD7500BPVT-24HXZT1_WD-WXA1E51YE810YE810&q={searchTerms}
CHR DefaultNewTabURL: 
CHR Extension: (Google Docs) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-04-01]
CHR Extension: (Google Drive) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2012-03-17]
CHR Extension: (YouTube) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-03-12]
CHR Extension: (Google-Suche) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-03-12]
CHR Extension: (HQ-Video-Pro-1.9) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\deghekbbihbapplmbffglehkdhkeibbm [2014-04-01]
CHR Extension: (MediaPlayerplus) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\majjphhgppkndjjkmhhnbgafooenebhd [2014-04-01]
CHR Extension: (Google Wallet) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-12]
CHR Extension: (Mehr Leistung und Videoformate für dein HTML5 <video>) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm [2014-04-01]
CHR Extension: (Google Mail) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-03-12]
CHR HKLM-x32\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files (x86)\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx [2013-05-06]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Services (Whitelisted) =================

R2 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
R2 btwdins; C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe [956192 2011-02-15] (Broadcom Corporation.)
R2 McAfeeEngineService; C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\EngineServer.exe [19720 2009-04-29] (McAfee, Inc.)
R2 McAfeeFramework; C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe [103744 2009-01-16] (McAfee, Inc.)
U2 McShield; C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\McShield.exe [176872 2009-04-29] (McAfee, Inc.)
R2 McTaskManager; C:\Program Files (x86)\McAfee\VirusScan Enterprise\VsTskMgr.exe [62800 2009-04-29] (McAfee, Inc.)
R2 mfevtp; C:\windows\system32\mfevtps.exe [78992 2009-04-29] (McAfee, Inc.)
R2 PnkBstrA; C:\windows\SysWOW64\PnkBstrA.exe [75136 2011-09-30] ()
R2 RtLedService; C:\Program Files\Realtek\RtLED\RtLEDService.exe [311296 2010-09-30] (Realtek Semiconductor Corp.)

==================== Drivers (Whitelisted) ====================

S2 ASPI32; No ImagePath
S3 CH341SER_A64; C:\Windows\System32\Drivers\CH341S64.SYS [58368 2011-11-05] (www.winchiphead.com)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2012-02-06] (DT Soft Ltd)
S3 jnprva; C:\Windows\System32\DRIVERS\jnprva.sys [26480 2011-09-07] (Juniper Networks, Inc.)
S3 JnprVaMgr; C:\Windows\System32\DRIVERS\jnprvamgr.sys [45352 2011-09-07] (Juniper Networks, Inc.)
R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [97704 2009-04-29] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [120096 2009-04-29] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [466944 2009-04-29] (McAfee, Inc.)
S3 mferkdet; C:\Windows\System32\drivers\mferkdet.sys [76696 2009-04-29] (McAfee, Inc.)
R1 mfetdik; C:\Windows\System32\drivers\mfetdik.sys [83912 2009-04-29] (McAfee, Inc.)
R3 rtsuvc; C:\Windows\System32\DRIVERS\rtsuvc.sys [8200552 2010-12-15] (Realtek Semiconductor Corp.)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
U2 CLKMSVC10_3A60B698; 
U2 CLKMSVC10_C3B3B687; 
S3 dgderdrv; System32\drivers\dgderdrv.sys [X]
U2 DriverService; 
U2 IAStorDataMgrSvc; 
U2 idealife Update Service; 
U3 IGRS; 
U2 IviRegMgr; 
S3 jnprna; system32\DRIVERS\jnprna6.sys [X]
U2 Oasis2Service; 
U2 PCCarerServic; 
U2 ReadyComm.DirectRouter; 
U2 RichVideo; 
S3 SANDRA; \??\C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2012.SP5a\WNt500x64\Sandra.sys [X]
U2 SoftwareService; 
U2 Stereo Service; 

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-04-02 20:03 - 2014-04-02 20:03 - 00000000 ____D () C:\Users\Michael\Desktop\alte frst
2014-04-02 19:27 - 2014-04-02 19:27 - 00002216 _____ () C:\Users\Michael\Desktop\JRT.txt
2014-04-02 19:20 - 2014-04-02 19:20 - 00000000 ____D () C:\windows\ERUNT
2014-04-02 19:12 - 2014-04-02 19:14 - 00000000 ____D () C:\AdwCleaner
2014-04-02 19:10 - 2014-04-02 19:10 - 01038974 _____ (Thisisu) C:\Users\Michael\Desktop\JRT.exe
2014-04-02 19:07 - 2014-04-02 19:07 - 01426178 _____ () C:\Users\Michael\Desktop\adwcleaner.exe
2014-04-01 20:44 - 2014-04-01 20:44 - 00013888 _____ () C:\Users\Michael\AppData\Local\recently-used.xbel
2014-04-01 20:15 - 2014-04-01 20:15 - 00033902 _____ () C:\ComboFix.txt
2014-04-01 19:52 - 2011-06-26 08:45 - 00256000 _____ () C:\windows\PEV.exe
2014-04-01 19:52 - 2010-11-07 19:20 - 00208896 _____ () C:\windows\MBR.exe
2014-04-01 19:52 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\windows\NIRCMD.exe
2014-04-01 19:52 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\windows\SWREG.exe
2014-04-01 19:52 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\windows\SWSC.exe
2014-04-01 19:52 - 2000-08-31 02:00 - 00098816 _____ () C:\windows\sed.exe
2014-04-01 19:52 - 2000-08-31 02:00 - 00080412 _____ () C:\windows\grep.exe
2014-04-01 19:52 - 2000-08-31 02:00 - 00068096 _____ () C:\windows\zip.exe
2014-04-01 19:42 - 2014-04-01 20:16 - 00000000 ____D () C:\Qoobox
2014-04-01 19:42 - 2014-04-01 19:42 - 00000000 ___RD () C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-04-01 19:42 - 2014-04-01 19:42 - 00000000 ___RD () C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-04-01 19:41 - 2014-04-01 20:14 - 00000000 ____D () C:\windows\erdnt
2014-04-01 19:38 - 2014-04-01 19:39 - 05192353 ____R (Swearware) C:\Users\Michael\Desktop\ComboFix.exe
2014-04-01 19:35 - 2014-04-01 19:35 - 00000000 ____D () C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Lenovo
2014-03-30 21:24 - 2014-03-30 21:24 - 00041218 _____ () C:\Users\Michael\Downloads\Addition.txt
2014-03-30 21:03 - 2014-04-02 20:03 - 00031194 _____ () C:\Users\Michael\Desktop\FRST.txt
2014-03-30 21:03 - 2014-04-02 20:03 - 00000000 ____D () C:\FRST
2014-03-30 21:01 - 2014-03-30 21:01 - 02157056 _____ (Farbar) C:\Users\Michael\Desktop\FRST64.exe
2014-03-30 20:29 - 2014-04-02 19:16 - 00001662 _____ () C:\windows\Tasks\1d58acf1-29e5-4c8e-a536-e04dd320ab01-5.job
2014-03-30 20:29 - 2014-04-02 19:16 - 00001576 _____ () C:\windows\Tasks\1d58acf1-29e5-4c8e-a536-e04dd320ab01-1.job
2014-03-30 20:29 - 2014-04-02 19:16 - 00001570 _____ () C:\windows\Tasks\9b0b99bf-8395-4071-85ce-258ecccd2e05-5.job
2014-03-30 20:29 - 2014-04-02 19:16 - 00001506 _____ () C:\windows\Tasks\1d58acf1-29e5-4c8e-a536-e04dd320ab01-2.job
2014-03-30 20:29 - 2014-04-02 19:16 - 00001466 _____ () C:\windows\Tasks\9b0b99bf-8395-4071-85ce-258ecccd2e05-1.job
2014-03-30 20:29 - 2014-04-02 19:16 - 00001414 _____ () C:\windows\Tasks\9b0b99bf-8395-4071-85ce-258ecccd2e05-2.job
2014-03-30 20:29 - 2014-03-30 20:29 - 00004692 _____ () C:\windows\System32\Tasks\1d58acf1-29e5-4c8e-a536-e04dd320ab01-5
2014-03-30 20:29 - 2014-03-30 20:29 - 00004606 _____ () C:\windows\System32\Tasks\1d58acf1-29e5-4c8e-a536-e04dd320ab01-1
2014-03-30 20:29 - 2014-03-30 20:29 - 00004600 _____ () C:\windows\System32\Tasks\9b0b99bf-8395-4071-85ce-258ecccd2e05-5
2014-03-30 20:29 - 2014-03-30 20:29 - 00004536 _____ () C:\windows\System32\Tasks\1d58acf1-29e5-4c8e-a536-e04dd320ab01-2
2014-03-30 20:29 - 2014-03-30 20:29 - 00004496 _____ () C:\windows\System32\Tasks\9b0b99bf-8395-4071-85ce-258ecccd2e05-1
2014-03-30 20:29 - 2014-03-30 20:29 - 00004444 _____ () C:\windows\System32\Tasks\9b0b99bf-8395-4071-85ce-258ecccd2e05-2
2014-03-30 20:28 - 2014-04-02 19:16 - 00003462 _____ () C:\windows\Tasks\1d58acf1-29e5-4c8e-a536-e04dd320ab01-3.job
2014-03-30 20:28 - 2014-04-02 19:16 - 00003108 _____ () C:\windows\Tasks\9b0b99bf-8395-4071-85ce-258ecccd2e05-3.job
2014-03-30 20:28 - 2014-04-02 19:16 - 00002568 _____ () C:\windows\Tasks\9b0b99bf-8395-4071-85ce-258ecccd2e05-4.job
2014-03-30 20:28 - 2014-04-02 19:16 - 00002426 _____ () C:\windows\Tasks\1d58acf1-29e5-4c8e-a536-e04dd320ab01-4.job
2014-03-30 20:28 - 2014-04-02 19:16 - 00000394 _____ () C:\windows\Tasks\Re-markit_wd.job
2014-03-30 20:28 - 2014-03-30 20:29 - 00000000 ____D () C:\Program Files (x86)\MediaPlayerplus
2014-03-30 20:28 - 2014-03-30 20:29 - 00000000 ____D () C:\Program Files (x86)\HQVid8
2014-03-30 20:28 - 2014-03-30 20:28 - 00006492 _____ () C:\windows\System32\Tasks\1d58acf1-29e5-4c8e-a536-e04dd320ab01-3
2014-03-30 20:28 - 2014-03-30 20:28 - 00006138 _____ () C:\windows\System32\Tasks\9b0b99bf-8395-4071-85ce-258ecccd2e05-3
2014-03-30 20:28 - 2014-03-30 20:28 - 00005598 _____ () C:\windows\System32\Tasks\9b0b99bf-8395-4071-85ce-258ecccd2e05-4
2014-03-30 20:28 - 2014-03-30 20:28 - 00005456 _____ () C:\windows\System32\Tasks\1d58acf1-29e5-4c8e-a536-e04dd320ab01-4
2014-03-30 20:28 - 2014-03-30 20:28 - 00002986 _____ () C:\windows\System32\Tasks\Re-markit_wd
2014-03-30 20:28 - 2014-03-30 20:28 - 00000512 __RSH () C:\ProgramData\ntuser.pol
2014-03-30 20:28 - 2014-03-30 20:28 - 00000000 ____D () C:\Program Files (x86)\Re-markit Corp
2014-03-30 20:27 - 2014-03-30 20:27 - 00563712 _____ () C:\Users\Michael\Downloads\Java.exe
2014-03-27 20:26 - 2014-03-27 20:26 - 00000000 ____D () C:\Users\Michael\Downloads\EnviroBear2000
2014-03-13 20:36 - 2014-03-01 08:05 - 23133696 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-03-13 20:36 - 2014-03-01 07:17 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-03-13 20:36 - 2014-03-01 07:16 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2014-03-13 20:36 - 2014-03-01 06:58 - 02765824 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-03-13 20:36 - 2014-03-01 06:52 - 00066048 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2014-03-13 20:36 - 2014-03-01 06:51 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2014-03-13 20:36 - 2014-03-01 06:42 - 00053760 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2014-03-13 20:36 - 2014-03-01 06:40 - 00033792 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2014-03-13 20:36 - 2014-03-01 06:37 - 00574976 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2014-03-13 20:36 - 2014-03-01 06:33 - 00139264 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2014-03-13 20:36 - 2014-03-01 06:33 - 00111616 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2014-03-13 20:36 - 2014-03-01 06:32 - 00708608 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2014-03-13 20:36 - 2014-03-01 06:30 - 17074688 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2014-03-13 20:36 - 2014-03-01 06:23 - 00940032 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2014-03-13 20:36 - 2014-03-01 06:17 - 00218624 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2014-03-13 20:36 - 2014-03-01 06:11 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2014-03-13 20:36 - 2014-03-01 06:02 - 00195584 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2014-03-13 20:36 - 2014-03-01 05:54 - 05768704 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2014-03-13 20:36 - 2014-03-01 05:52 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2014-03-13 20:36 - 2014-03-01 05:51 - 00051200 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2014-03-13 20:36 - 2014-03-01 05:47 - 02168320 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2014-03-13 20:36 - 2014-03-01 05:43 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2014-03-13 20:36 - 2014-03-01 05:43 - 00032768 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2014-03-13 20:36 - 2014-03-01 05:42 - 00627200 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-03-13 20:36 - 2014-03-01 05:40 - 00440832 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2014-03-13 20:36 - 2014-03-01 05:38 - 00112128 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2014-03-13 20:36 - 2014-03-01 05:37 - 00553472 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2014-03-13 20:36 - 2014-03-01 05:35 - 02041856 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2014-03-13 20:36 - 2014-03-01 05:18 - 13051904 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-03-13 20:36 - 2014-03-01 05:16 - 00164864 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2014-03-13 20:36 - 2014-03-01 05:14 - 04244480 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2014-03-13 20:36 - 2014-03-01 05:10 - 02334208 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-03-13 20:36 - 2014-03-01 05:03 - 00524288 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2014-03-13 20:36 - 2014-03-01 05:00 - 01964032 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2014-03-13 20:36 - 2014-03-01 04:57 - 11266048 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2014-03-13 20:36 - 2014-03-01 04:38 - 01393664 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2014-03-13 20:36 - 2014-03-01 04:32 - 01820160 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2014-03-13 20:36 - 2014-03-01 04:27 - 01156096 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2014-03-13 20:36 - 2014-03-01 04:25 - 00817664 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2014-03-13 20:36 - 2014-03-01 04:25 - 00703488 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2014-03-13 20:35 - 2014-02-07 03:23 - 03156480 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2014-03-13 20:35 - 2014-02-04 04:32 - 01424384 _____ (Microsoft Corporation) C:\windows\system32\WindowsCodecs.dll
2014-03-13 20:35 - 2014-02-04 04:32 - 00624128 _____ (Microsoft Corporation) C:\windows\system32\qedit.dll
2014-03-13 20:35 - 2014-02-04 04:04 - 01230336 _____ (Microsoft Corporation) C:\windows\SysWOW64\WindowsCodecs.dll
2014-03-13 20:35 - 2014-02-04 04:04 - 00509440 _____ (Microsoft Corporation) C:\windows\SysWOW64\qedit.dll
2014-03-13 20:35 - 2014-01-29 04:32 - 00484864 _____ (Microsoft Corporation) C:\windows\system32\wer.dll
2014-03-13 20:35 - 2014-01-29 04:06 - 00381440 _____ (Microsoft Corporation) C:\windows\SysWOW64\wer.dll
2014-03-13 20:35 - 2014-01-28 04:32 - 00228864 _____ (Microsoft Corporation) C:\windows\system32\wwansvc.dll
2014-03-13 20:32 - 2014-03-13 20:32 - 00000063 _____ () C:\Users\Michael\.gtk-bookmarks
2014-03-05 20:26 - 2014-03-05 20:26 - 14175091 _____ () C:\Users\Michael\Downloads\Tutorial-GIMP-Haut-glaetten.zip
2014-03-04 17:39 - 2014-03-05 19:52 - 125727092 _____ () C:\Users\Michael\Documents\IMG_2021a.xcf
2014-03-04 13:20 - 2014-03-16 21:32 - 00000000 ____D () C:\Scan
2014-03-04 13:18 - 2014-03-04 13:20 - 00000000 ___HD () C:\ProgramData\CanonIJScan
2014-03-04 13:16 - 2014-03-04 13:18 - 00000000 ____D () C:\Users\Michael\AppData\Roaming\Canon
2014-03-04 13:16 - 2014-03-04 13:16 - 00000000 ___HD () C:\ProgramData\CanonIJEGV
2014-03-04 13:14 - 2014-03-04 13:14 - 00000000 ___HD () C:\ProgramData\CanonIJQuickMenu
2014-03-04 13:12 - 2012-03-26 06:00 - 00392192 _____ (CANON INC.) C:\windows\system32\CNMXLMB9.DLL
2014-03-04 13:11 - 2014-03-04 13:11 - 00000000 ____D () C:\ProgramData\Canon IJ Network Tool
2014-03-04 13:11 - 2012-02-08 17:34 - 00320000 _____ (CANON INC.) C:\windows\SysWOW64\CNC_B9L.dll
2014-03-04 13:11 - 2012-01-26 11:25 - 00081664 _____ () C:\windows\SysWOW64\CNC1763D.TBL
2014-03-04 13:11 - 2012-01-16 15:21 - 00103424 _____ (CANON INC.) C:\windows\SysWOW64\CNC_B9U.dll
2014-03-04 13:11 - 2008-08-25 19:02 - 00015872 _____ (CANON INC.) C:\windows\SysWOW64\CNHMCA.dll
2014-03-04 13:09 - 2014-03-04 13:09 - 00000000 ____D () C:\ProgramData\CanonIJWSpt
2014-03-04 13:09 - 2014-03-04 13:09 - 00000000 ____D () C:\Program Files\Common Files\CANON
2014-03-04 13:08 - 2014-03-04 13:08 - 00000000 ____D () C:\Program Files\Canon
2014-03-04 13:07 - 2014-03-04 13:07 - 00000000 ___HD () C:\windows\system32\CanonIJ Uninstaller Information
2014-03-04 13:07 - 2014-03-04 13:07 - 00000000 ___HD () C:\ProgramData\CanonBJ
2014-03-04 13:06 - 2014-03-04 13:06 - 00000000 ___HD () C:\Program Files\CanonBJ
2014-03-04 13:06 - 2012-03-26 06:00 - 00389120 _____ (CANON INC.) C:\windows\system32\CNMLMB9.DLL
2014-03-04 13:05 - 2014-03-04 13:05 - 00000000 ____D () C:\windows\system32\STRING
2014-03-04 13:05 - 2012-03-28 19:01 - 00359936 _____ (CANON INC.) C:\windows\system32\CNMN6PPM.DLL
2014-03-04 13:05 - 2012-03-28 19:01 - 00039424 _____ (CANON INC.) C:\windows\system32\CNMN6UI.DLL
2014-03-04 13:03 - 2014-03-04 13:16 - 00000000 ____D () C:\Program Files (x86)\Canon

==================== One Month Modified Files and Folders =======

2014-04-02 20:03 - 2014-04-02 20:03 - 00000000 ____D () C:\Users\Michael\Desktop\alte frst
2014-04-02 20:03 - 2014-03-30 21:03 - 00031194 _____ () C:\Users\Michael\Desktop\FRST.txt
2014-04-02 20:03 - 2014-03-30 21:03 - 00000000 ____D () C:\FRST
2014-04-02 20:02 - 2013-09-09 07:00 - 00022572 _____ () C:\windows\setupact.log
2014-04-02 19:51 - 2012-03-12 15:09 - 00001128 _____ () C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-977804215-3240316584-965802034-1002UA.job
2014-04-02 19:39 - 2012-06-09 15:40 - 00000884 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2014-04-02 19:27 - 2014-04-02 19:27 - 00002216 _____ () C:\Users\Michael\Desktop\JRT.txt
2014-04-02 19:24 - 2009-07-14 06:45 - 00030352 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-04-02 19:24 - 2009-07-14 06:45 - 00030352 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-04-02 19:21 - 2011-08-21 08:35 - 00701560 _____ () C:\windows\system32\perfh007.dat
2014-04-02 19:21 - 2011-08-21 08:35 - 00150428 _____ () C:\windows\system32\perfc007.dat
2014-04-02 19:21 - 2009-07-14 07:13 - 01620612 _____ () C:\windows\system32\PerfStringBackup.INI
2014-04-02 19:20 - 2014-04-02 19:20 - 00000000 ____D () C:\windows\ERUNT
2014-04-02 19:16 - 2014-03-30 20:29 - 00001662 _____ () C:\windows\Tasks\1d58acf1-29e5-4c8e-a536-e04dd320ab01-5.job
2014-04-02 19:16 - 2014-03-30 20:29 - 00001576 _____ () C:\windows\Tasks\1d58acf1-29e5-4c8e-a536-e04dd320ab01-1.job
2014-04-02 19:16 - 2014-03-30 20:29 - 00001570 _____ () C:\windows\Tasks\9b0b99bf-8395-4071-85ce-258ecccd2e05-5.job
2014-04-02 19:16 - 2014-03-30 20:29 - 00001506 _____ () C:\windows\Tasks\1d58acf1-29e5-4c8e-a536-e04dd320ab01-2.job
2014-04-02 19:16 - 2014-03-30 20:29 - 00001466 _____ () C:\windows\Tasks\9b0b99bf-8395-4071-85ce-258ecccd2e05-1.job
2014-04-02 19:16 - 2014-03-30 20:29 - 00001414 _____ () C:\windows\Tasks\9b0b99bf-8395-4071-85ce-258ecccd2e05-2.job
2014-04-02 19:16 - 2014-03-30 20:28 - 00003462 _____ () C:\windows\Tasks\1d58acf1-29e5-4c8e-a536-e04dd320ab01-3.job
2014-04-02 19:16 - 2014-03-30 20:28 - 00003108 _____ () C:\windows\Tasks\9b0b99bf-8395-4071-85ce-258ecccd2e05-3.job
2014-04-02 19:16 - 2014-03-30 20:28 - 00002568 _____ () C:\windows\Tasks\9b0b99bf-8395-4071-85ce-258ecccd2e05-4.job
2014-04-02 19:16 - 2014-03-30 20:28 - 00002426 _____ () C:\windows\Tasks\1d58acf1-29e5-4c8e-a536-e04dd320ab01-4.job
2014-04-02 19:16 - 2014-03-30 20:28 - 00000394 _____ () C:\windows\Tasks\Re-markit_wd.job
2014-04-02 19:16 - 2011-08-21 01:43 - 00001120 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-04-02 19:16 - 2011-08-21 01:38 - 00113937 _____ () C:\windows\system32\fastboot.set
2014-04-02 19:16 - 2011-08-21 01:34 - 03322987 _____ () C:\FaceProv.log
2014-04-02 19:15 - 2011-10-05 16:33 - 01168430 _____ () C:\windows\WindowsUpdate.log
2014-04-02 19:15 - 2009-07-14 07:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-04-02 19:14 - 2014-04-02 19:12 - 00000000 ____D () C:\AdwCleaner
2014-04-02 19:10 - 2014-04-02 19:10 - 01038974 _____ (Thisisu) C:\Users\Michael\Desktop\JRT.exe
2014-04-02 19:08 - 2011-08-21 01:43 - 00001124 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-04-02 19:07 - 2014-04-02 19:07 - 01426178 _____ () C:\Users\Michael\Desktop\adwcleaner.exe
2014-04-02 19:01 - 2014-02-26 09:27 - 00184504 _____ () C:\windows\PFRO.log
2014-04-01 20:44 - 2014-04-01 20:44 - 00013888 _____ () C:\Users\Michael\AppData\Local\recently-used.xbel
2014-04-01 20:44 - 2014-03-01 12:22 - 00000000 ____D () C:\Users\Michael\.gimp-2.8
2014-04-01 20:37 - 2014-03-01 12:28 - 00000000 ____D () C:\Users\Michael\AppData\Local\gtk-2.0
2014-04-01 20:16 - 2014-04-01 19:42 - 00000000 ____D () C:\Qoobox
2014-04-01 20:15 - 2014-04-01 20:15 - 00033902 _____ () C:\ComboFix.txt
2014-04-01 20:14 - 2014-04-01 19:41 - 00000000 ____D () C:\windows\erdnt
2014-04-01 20:13 - 2009-07-14 04:34 - 00000215 _____ () C:\windows\system.ini
2014-04-01 19:42 - 2014-04-01 19:42 - 00000000 ___RD () C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-04-01 19:42 - 2014-04-01 19:42 - 00000000 ___RD () C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-04-01 19:41 - 2011-09-28 00:03 - 00000000 ____D () C:\Users\Michael
2014-04-01 19:39 - 2014-04-01 19:38 - 05192353 ____R (Swearware) C:\Users\Michael\Desktop\ComboFix.exe
2014-04-01 19:35 - 2014-04-01 19:35 - 00000000 ____D () C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Lenovo
2014-03-30 21:24 - 2014-03-30 21:24 - 00041218 _____ () C:\Users\Michael\Downloads\Addition.txt
2014-03-30 21:01 - 2014-03-30 21:01 - 02157056 _____ (Farbar) C:\Users\Michael\Desktop\FRST64.exe
2014-03-30 20:29 - 2014-03-30 20:29 - 00004692 _____ () C:\windows\System32\Tasks\1d58acf1-29e5-4c8e-a536-e04dd320ab01-5
2014-03-30 20:29 - 2014-03-30 20:29 - 00004606 _____ () C:\windows\System32\Tasks\1d58acf1-29e5-4c8e-a536-e04dd320ab01-1
2014-03-30 20:29 - 2014-03-30 20:29 - 00004600 _____ () C:\windows\System32\Tasks\9b0b99bf-8395-4071-85ce-258ecccd2e05-5
2014-03-30 20:29 - 2014-03-30 20:29 - 00004536 _____ () C:\windows\System32\Tasks\1d58acf1-29e5-4c8e-a536-e04dd320ab01-2
2014-03-30 20:29 - 2014-03-30 20:29 - 00004496 _____ () C:\windows\System32\Tasks\9b0b99bf-8395-4071-85ce-258ecccd2e05-1
2014-03-30 20:29 - 2014-03-30 20:29 - 00004444 _____ () C:\windows\System32\Tasks\9b0b99bf-8395-4071-85ce-258ecccd2e05-2
2014-03-30 20:29 - 2014-03-30 20:28 - 00000000 ____D () C:\Program Files (x86)\MediaPlayerplus
2014-03-30 20:29 - 2014-03-30 20:28 - 00000000 ____D () C:\Program Files (x86)\HQVid8
2014-03-30 20:28 - 2014-03-30 20:28 - 00006492 _____ () C:\windows\System32\Tasks\1d58acf1-29e5-4c8e-a536-e04dd320ab01-3
2014-03-30 20:28 - 2014-03-30 20:28 - 00006138 _____ () C:\windows\System32\Tasks\9b0b99bf-8395-4071-85ce-258ecccd2e05-3
2014-03-30 20:28 - 2014-03-30 20:28 - 00005598 _____ () C:\windows\System32\Tasks\9b0b99bf-8395-4071-85ce-258ecccd2e05-4
2014-03-30 20:28 - 2014-03-30 20:28 - 00005456 _____ () C:\windows\System32\Tasks\1d58acf1-29e5-4c8e-a536-e04dd320ab01-4
2014-03-30 20:28 - 2014-03-30 20:28 - 00002986 _____ () C:\windows\System32\Tasks\Re-markit_wd
2014-03-30 20:28 - 2014-03-30 20:28 - 00000512 __RSH () C:\ProgramData\ntuser.pol
2014-03-30 20:28 - 2014-03-30 20:28 - 00000000 ____D () C:\Program Files (x86)\Re-markit Corp
2014-03-30 20:28 - 2009-07-14 05:20 - 00000000 ___HD () C:\windows\system32\GroupPolicy
2014-03-30 20:28 - 2009-07-14 05:20 - 00000000 ____D () C:\windows\SysWOW64\GroupPolicy
2014-03-30 20:27 - 2014-03-30 20:27 - 00563712 _____ () C:\Users\Michael\Downloads\Java.exe
2014-03-29 18:03 - 2011-08-21 01:43 - 00004120 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-03-29 18:03 - 2011-08-21 01:43 - 00003868 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-03-28 06:51 - 2012-03-12 15:09 - 00001076 _____ () C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-977804215-3240316584-965802034-1002Core.job
2014-03-28 06:46 - 2012-03-12 15:09 - 00004106 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-977804215-3240316584-965802034-1002UA
2014-03-28 06:46 - 2012-03-12 15:09 - 00003710 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-977804215-3240316584-965802034-1002Core
2014-03-27 20:50 - 2011-09-28 16:14 - 00000000 ____D () C:\Users\Michael\AppData\Roaming\Juniper Networks
2014-03-27 20:49 - 2011-09-28 16:14 - 00000000 ____D () C:\Program Files (x86)\Juniper Networks
2014-03-27 20:26 - 2014-03-27 20:26 - 00000000 ____D () C:\Users\Michael\Downloads\EnviroBear2000
2014-03-22 16:57 - 2012-07-04 19:36 - 00000000 ____D () C:\Users\Michael\AppData\Roaming\vlc
2014-03-19 21:12 - 2013-08-14 21:03 - 00000000 ____D () C:\windows\system32\MRT
2014-03-19 21:09 - 2011-09-27 22:16 - 00000000 ___RD () C:\Users\Michael\Dropbox
2014-03-19 21:09 - 2011-09-27 21:14 - 90015360 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2014-03-19 19:42 - 2011-09-27 22:15 - 00000000 ____D () C:\Users\Michael\AppData\Roaming\Dropbox
2014-03-16 21:32 - 2014-03-04 13:20 - 00000000 ____D () C:\Scan
2014-03-15 21:59 - 2014-03-01 11:19 - 00000000 ____D () C:\Users\Michael\Desktop\Shooting
2014-03-14 07:23 - 2009-07-14 06:45 - 00493672 _____ () C:\windows\system32\FNTCACHE.DAT
2014-03-14 07:21 - 2013-03-14 08:43 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-03-14 07:21 - 2013-03-14 08:43 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-03-13 21:26 - 2012-03-07 20:10 - 00000039 _____ () C:\windows\vbaddin.ini
2014-03-13 21:26 - 2011-09-27 19:08 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-03-13 20:32 - 2014-03-13 20:32 - 00000063 _____ () C:\Users\Michael\.gtk-bookmarks
2014-03-12 21:39 - 2012-06-09 15:40 - 00003822 _____ () C:\windows\System32\Tasks\Adobe Flash Player Updater
2014-03-12 21:39 - 2012-04-13 23:26 - 00692616 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2014-03-12 21:39 - 2011-09-27 18:17 - 00071048 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-03-11 08:25 - 2013-08-08 21:53 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird
2014-03-09 19:06 - 2013-03-12 15:54 - 00011264 _____ () C:\Users\Michael\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-03-09 18:25 - 2009-07-14 07:09 - 00000000 ____D () C:\windows\System32\Tasks\WPD
2014-03-09 15:43 - 2009-07-14 07:32 - 00000000 ____D () C:\windows\system32\FxsTmp
2014-03-08 19:43 - 2012-12-28 20:32 - 00000000 ____D () C:\Users\Michael\AppData\Roaming\DivX
2014-03-07 18:18 - 2009-07-14 07:08 - 00032640 _____ () C:\windows\Tasks\SCHEDLGU.TXT
2014-03-05 20:26 - 2014-03-05 20:26 - 14175091 _____ () C:\Users\Michael\Downloads\Tutorial-GIMP-Haut-glaetten.zip
2014-03-05 19:52 - 2014-03-04 17:39 - 125727092 _____ () C:\Users\Michael\Documents\IMG_2021a.xcf
2014-03-04 13:20 - 2014-03-04 13:18 - 00000000 ___HD () C:\ProgramData\CanonIJScan
2014-03-04 13:18 - 2014-03-04 13:16 - 00000000 ____D () C:\Users\Michael\AppData\Roaming\Canon
2014-03-04 13:16 - 2014-03-04 13:16 - 00000000 ___HD () C:\ProgramData\CanonIJEGV
2014-03-04 13:16 - 2014-03-04 13:03 - 00000000 ____D () C:\Program Files (x86)\Canon
2014-03-04 13:14 - 2014-03-04 13:14 - 00000000 ___HD () C:\ProgramData\CanonIJQuickMenu
2014-03-04 13:11 - 2014-03-04 13:11 - 00000000 ____D () C:\ProgramData\Canon IJ Network Tool
2014-03-04 13:11 - 2009-07-14 05:20 - 00000000 __RSD () C:\windows\Media
2014-03-04 13:09 - 2014-03-04 13:09 - 00000000 ____D () C:\ProgramData\CanonIJWSpt
2014-03-04 13:09 - 2014-03-04 13:09 - 00000000 ____D () C:\Program Files\Common Files\CANON
2014-03-04 13:08 - 2014-03-04 13:08 - 00000000 ____D () C:\Program Files\Canon
2014-03-04 13:07 - 2014-03-04 13:07 - 00000000 ___HD () C:\windows\system32\CanonIJ Uninstaller Information
2014-03-04 13:07 - 2014-03-04 13:07 - 00000000 ___HD () C:\ProgramData\CanonBJ
2014-03-04 13:06 - 2014-03-04 13:06 - 00000000 ___HD () C:\Program Files\CanonBJ
2014-03-04 13:05 - 2014-03-04 13:05 - 00000000 ____D () C:\windows\system32\STRING

Files to move or delete:
====================
C:\ProgramData\PKP_DLes.DAT
C:\ProgramData\PKP_DLet.DAT
C:\ProgramData\PKP_DLev.DAT


Some content of TEMP:
====================
C:\Users\Michael\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-03-30 22:11

==================== End Of Log ============================

--- --- ---

--- --- ---

sunjojo · 02.04.2014, 19:52

Alles klar

Schritt 1
Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:

ATTFilter

() C:\Program Files (x86)\Re-markit Corp\Re-markit_wd.exe
AppInit_DLLs: C:\PROGRA~2\SupTab\SEARCH~2.DLL => C:\PROGRA~2\SupTab\SEARCH~2.DLL File Not Found
AppInit_DLLs-x32: C:\PROGRA~2\SupTab\SEARCH~1.DLL => "C:\PROGRA~2\SupTab\SEARCH~1.DLL" File Not Found
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = 
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
FF NewTab: chrome://quick_start/content/index.html
FF DefaultSearchEngine: webssearches
FF SelectedSearchEngine: webssearches
FF NetworkProxy: "autoconfig_url", "data:text/javascript,function%20FindProxyForURL(url%2C%20host)%20%7Bif%20(shExpMatch(url%2C%20'http%3A%2F%2Fwww.last.fm*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fext.last.fm*')%20%7C%7C%20url.indexOf('play.google.com')%20!%3D%20-1%20%7C%7C%20(url.indexOf('youtube.com%2Fvideoplayback')%20!%3D%20-1%20%26%26%20url.indexOf('%26gcr%3Dus')%20!%3D%20-1%20%26%26%20url.indexOf('%26ptchn')%20!%3D%20-1)%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fpiki.fm*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fpiki.fm*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fsongza.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fnew.songza.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fplay.spotify.com*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fplay.spotify.com*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fwww.spotify.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.spotify.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.rdio.com*')%20%7C%7C%20url.indexOf('southparkstudios.com')%20!%3D%20-1%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fwww.daisuki.net*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.crunchyroll.com*')%20%7C%7C%20url.indexOf('discoverymedia.com')%20!%3D%20-1%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fdsc.discovery.com%2F*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.mtv.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fmedia.mtvnservices.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fgrooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fretro.grooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fhtml5.grooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Flisten.grooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.grooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fpreview.grooveshark.com*')%20%7C%7C%20url.indexOf('vevo.com')%20!%3D%20-1%20%7C%7C%20host%20%3D%3D%20'www.pandora.com'%20%7C%7C%20host%20%3D%3D%20's.hulu.com'%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.funimation.com*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fsecure.funimation.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.iheart.com*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Faccount.beatsmusic.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.beatsmusic.com*')%20%7C%7C%20(url.indexOf('proxmate%3Dactive')%20!%3D%20-1%20%26%26%20url.indexOf('amazonaws.com')%20%3D%3D%20-1)%20%7C%7C%20(url.indexOf('proxmate%3Dus')%20!%3D%20-1))%20%7B%20return%20'PROXY%20nq-us09.personalitycores.com%3A8000%3B%20PROXY%20nq-us12.personalitycores.com%3A8000%3B%20PROXY%20nq-us11.personalitycores.com%3A8000%3B%20PROXY%20nq-us10.personalitycores.com%3A8000%3B%20PROXY%20nq-us07.personalitycores.com%3A8000%3B%20PROXY%20nq-us05.personalitycores.com%3A8000%3B%20PROXY%20nq-us06.personalitycores.com%3A8000%3B%20PROXY%20nq-us04.personalitycores.com%3A8000%3B%20PROXY%20nq-us08.personalitycores.com%3A8000'%3B%7D%20%20else%20%7B%20return%20'DIRECT'%3B%20%7D%7D"
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\webssearches.xml
FF Extension: MediaPlayerplus - C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\wdhq29yd.default\Extensions\a9719e64-232b-4695-ae9c-a89cd7f2aa84@ca1279df-bc0d-44a8-97ef-19301c922b68.com [2014-03-30]
FF Extension: HQVid8 - C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\wdhq29yd.default\Extensions\ee5ad154-f909-4cc0-aa51-d7e94e3fb0af@36204afd-f43e-4917-9c71-8384e2e4d3ad.com [2014-03-30]
FF HKCU\...\Firefox\Extensions: [{5ae66703-77f8-4623-8c81-9ba769053c03}] - C:\Program Files (x86)\Re-markit Corp\158.xpi
FF Extension: Re-markit - C:\Program Files (x86)\Re-markit Corp\158.xpi [2014-03-30]CHR Extension: (HQ-Video-Pro-1.9) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\deghekbbihbapplmbffglehkdhkeibbm [2014-04-01]
CHR Extension: (MediaPlayerplus) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\majjphhgppkndjjkmhhnbgafooenebhd [2014-04-01]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
2014-03-30 20:29 - 2014-04-02 19:16 - 00001662 _____ () C:\windows\Tasks\1d58acf1-29e5-4c8e-a536-e04dd320ab01-5.job
2014-03-30 20:29 - 2014-04-02 19:16 - 00001576 _____ () C:\windows\Tasks\1d58acf1-29e5-4c8e-a536-e04dd320ab01-1.job
2014-03-30 20:29 - 2014-04-02 19:16 - 00001570 _____ () C:\windows\Tasks\9b0b99bf-8395-4071-85ce-258ecccd2e05-5.job
2014-03-30 20:29 - 2014-04-02 19:16 - 00001506 _____ () C:\windows\Tasks\1d58acf1-29e5-4c8e-a536-e04dd320ab01-2.job
2014-03-30 20:29 - 2014-04-02 19:16 - 00001466 _____ () C:\windows\Tasks\9b0b99bf-8395-4071-85ce-258ecccd2e05-1.job
2014-03-30 20:29 - 2014-04-02 19:16 - 00001414 _____ () C:\windows\Tasks\9b0b99bf-8395-4071-85ce-258ecccd2e05-2.job
2014-03-30 20:29 - 2014-03-30 20:29 - 00004692 _____ () C:\windows\System32\Tasks\1d58acf1-29e5-4c8e-a536-e04dd320ab01-5
2014-03-30 20:29 - 2014-03-30 20:29 - 00004606 _____ () C:\windows\System32\Tasks\1d58acf1-29e5-4c8e-a536-e04dd320ab01-1
2014-03-30 20:29 - 2014-03-30 20:29 - 00004600 _____ () C:\windows\System32\Tasks\9b0b99bf-8395-4071-85ce-258ecccd2e05-5
2014-03-30 20:29 - 2014-03-30 20:29 - 00004536 _____ () C:\windows\System32\Tasks\1d58acf1-29e5-4c8e-a536-e04dd320ab01-2
2014-03-30 20:29 - 2014-03-30 20:29 - 00004496 _____ () C:\windows\System32\Tasks\9b0b99bf-8395-4071-85ce-258ecccd2e05-1
2014-03-30 20:29 - 2014-03-30 20:29 - 00004444 _____ () C:\windows\System32\Tasks\9b0b99bf-8395-4071-85ce-258ecccd2e05-2
2014-03-30 20:28 - 2014-04-02 19:16 - 00003462 _____ () C:\windows\Tasks\1d58acf1-29e5-4c8e-a536-e04dd320ab01-3.job
2014-03-30 20:28 - 2014-04-02 19:16 - 00003108 _____ () C:\windows\Tasks\9b0b99bf-8395-4071-85ce-258ecccd2e05-3.job
2014-03-30 20:28 - 2014-04-02 19:16 - 00002568 _____ () C:\windows\Tasks\9b0b99bf-8395-4071-85ce-258ecccd2e05-4.job
2014-03-30 20:28 - 2014-04-02 19:16 - 00002426 _____ () C:\windows\Tasks\1d58acf1-29e5-4c8e-a536-e04dd320ab01-4.job
2014-03-30 20:28 - 2014-04-02 19:16 - 00000394 _____ () C:\windows\Tasks\Re-markit_wd.job
2014-03-30 20:28 - 2014-03-30 20:29 - 00000000 ____D () C:\Program Files (x86)\MediaPlayerplus
2014-03-30 20:28 - 2014-03-30 20:29 - 00000000 ____D () C:\Program Files (x86)\HQVid8
2014-03-30 20:28 - 2014-03-30 20:28 - 00006492 _____ () C:\windows\System32\Tasks\1d58acf1-29e5-4c8e-a536-e04dd320ab01-3
2014-03-30 20:28 - 2014-03-30 20:28 - 00006138 _____ () C:\windows\System32\Tasks\9b0b99bf-8395-4071-85ce-258ecccd2e05-3
2014-03-30 20:28 - 2014-03-30 20:28 - 00005598 _____ () C:\windows\System32\Tasks\9b0b99bf-8395-4071-85ce-258ecccd2e05-4
2014-03-30 20:28 - 2014-03-30 20:28 - 00005456 _____ () C:\windows\System32\Tasks\1d58acf1-29e5-4c8e-a536-e04dd320ab01-4
2014-03-30 20:28 - 2014-03-30 20:28 - 00002986 _____ () C:\windows\System32\Tasks\Re-markit_wd
2014-03-30 20:28 - 2014-03-30 20:28 - 00000000 ____D () C:\Program Files (x86)\Re-markit Corp
2014-03-30 20:27 - 2014-03-30 20:27 - 00563712 _____ () C:\Users\Michael\Downloads\Java.exe
C:\ProgramData\PKP_DLes.DAT
C:\ProgramData\PKP_DLet.DAT
C:\ProgramData\PKP_DLev.DAT

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).

Starte nun FRST erneut und klicke den Entfernen Button.
Das Tool erstellt eine Fixlog.txt.
Poste mir deren Inhalt.

Schritt 2
Öffne deinen Google Chrome Browser.

Klicke auf das Chrome-Menü (rechts im Browser).
Wähle nun "Einstellungen" in dem Menü aus.
Scrolle nach unten und klicke "Erweiterte Einstellungen anzeigen" an.
Nun werden dir weitere Optionen angezeigt. Wähle aus (letzter Punkt der Einstellungsmöglichkeiten).
Ein Fenster wird geöffnet, in welchem du "Zurücksetzen" auswählst.
Jetzt werden deine aktuellen Browsereinstellungen zurückgesetzt (Startseite, Suchseite, ...), Erweiterungen und Designs deaktiviert.

Schritt 3
Downloade Dir bitte

Malwarebytes Anti-Malware

Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
Starte Malwarebytes' Anti-Malware (MBAM).
Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.

Schritt 4

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Mache bitte einen Neustart.
Schritt 5
Starte noch einmal FRST.

Setze einen Haken bei Additions.txt und drücke auf Scan.
Wenn der Scan abgeschlossen ist, werden zwei neue Logfiles FRST.txt und Addition.txt erstellt und auf dem Desktop gespeichert.
Poste den Inhalt der beiden Logfiles bitte hier in deinen Thread.

Poste folgende Logfiles in deiner nächsten Antwort:

FRST-Fix
MBAM-Scan
ESET-Scan
FRST-Scan

royc · 03.04.2014, 04:59

Hi Jonas,

hier kommen die ersten beiden logs:
Fixlog.txt:

Code:

ATTFilter

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 13-03-2014
Ran by Michael at 2014-04-02 21:21:14 Run:1
Running from C:\Users\Michael\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
() C:\Program Files (x86)\Re-markit Corp\Re-markit_wd.exe
AppInit_DLLs: C:\PROGRA~2\SupTab\SEARCH~2.DLL => C:\PROGRA~2\SupTab\SEARCH~2.DLL File Not Found
AppInit_DLLs-x32: C:\PROGRA~2\SupTab\SEARCH~1.DLL => "C:\PROGRA~2\SupTab\SEARCH~1.DLL" File Not Found
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = 
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
FF NewTab: chrome://quick_start/content/index.html
FF DefaultSearchEngine: webssearches
FF SelectedSearchEngine: webssearches
FF NetworkProxy: "autoconfig_url", "data:text/javascript,function%20FindProxyForURL(url%2C%20host)%20%7Bif%20(shExpMatch(url%2C%20'http%3A%2F%2Fwww.last.fm*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fext.last.fm*')%20%7C%7C%20url.indexOf('play.google.com')%20!%3D%20-1%20%7C%7C%20(url.indexOf('youtube.com%2Fvideoplayback')%20!%3D%20-1%20%26%26%20url.indexOf('%26gcr%3Dus')%20!%3D%20-1%20%26%26%20url.indexOf('%26ptchn')%20!%3D%20-1)%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fpiki.fm*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fpiki.fm*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fsongza.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fnew.songza.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fplay.spotify.com*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fplay.spotify.com*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fwww.spotify.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.spotify.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.rdio.com*')%20%7C%7C%20url.indexOf('southparkstudios.com')%20!%3D%20-1%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fwww.daisuki.net*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.crunchyroll.com*')%20%7C%7C%20url.indexOf('discoverymedia.com')%20!%3D%20-1%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fdsc.discovery.com%2F*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.mtv.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fmedia.mtvnservices.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fgrooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fretro.grooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fhtml5.grooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Flisten.grooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.grooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fpreview.grooveshark.com*')%20%7C%7C%20url.indexOf('vevo.com')%20!%3D%20-1%20%7C%7C%20host%20%3D%3D%20'www.pandora.com'%20%7C%7C%20host%20%3D%3D%20's.hulu.com'%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.funimation.com*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fsecure.funimation.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.iheart.com*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Faccount.beatsmusic.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.beatsmusic.com*')%20%7C%7C%20(url.indexOf('proxmate%3Dactive')%20!%3D%20-1%20%26%26%20url.indexOf('amazonaws.com')%20%3D%3D%20-1)%20%7C%7C%20(url.indexOf('proxmate%3Dus')%20!%3D%20-1))%20%7B%20return%20'PROXY%20nq-us09.personalitycores.com%3A8000%3B%20PROXY%20nq-us12.personalitycores.com%3A8000%3B%20PROXY%20nq-us11.personalitycores.com%3A8000%3B%20PROXY%20nq-us10.personalitycores.com%3A8000%3B%20PROXY%20nq-us07.personalitycores.com%3A8000%3B%20PROXY%20nq-us05.personalitycores.com%3A8000%3B%20PROXY%20nq-us06.personalitycores.com%3A8000%3B%20PROXY%20nq-us04.personalitycores.com%3A8000%3B%20PROXY%20nq-us08.personalitycores.com%3A8000'%3B%7D%20%20else%20%7B%20return%20'DIRECT'%3B%20%7D%7D"
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\webssearches.xml
FF Extension: MediaPlayerplus - C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\wdhq29yd.default\Extensions\a9719e64-232b-4695-ae9c-a89cd7f2aa84@ca1279df-bc0d-44a8-97ef-19301c922b68.com [2014-03-30]
FF Extension: HQVid8 - C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\wdhq29yd.default\Extensions\ee5ad154-f909-4cc0-aa51-d7e94e3fb0af@36204afd-f43e-4917-9c71-8384e2e4d3ad.com [2014-03-30]
FF HKCU\...\Firefox\Extensions: [{5ae66703-77f8-4623-8c81-9ba769053c03}] - C:\Program Files (x86)\Re-markit Corp\158.xpi
FF Extension: Re-markit - C:\Program Files (x86)\Re-markit Corp\158.xpi [2014-03-30]CHR Extension: (HQ-Video-Pro-1.9) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\deghekbbihbapplmbffglehkdhkeibbm [2014-04-01]
CHR Extension: (MediaPlayerplus) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\majjphhgppkndjjkmhhnbgafooenebhd [2014-04-01]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
2014-03-30 20:29 - 2014-04-02 19:16 - 00001662 _____ () C:\windows\Tasks\1d58acf1-29e5-4c8e-a536-e04dd320ab01-5.job
2014-03-30 20:29 - 2014-04-02 19:16 - 00001576 _____ () C:\windows\Tasks\1d58acf1-29e5-4c8e-a536-e04dd320ab01-1.job
2014-03-30 20:29 - 2014-04-02 19:16 - 00001570 _____ () C:\windows\Tasks\9b0b99bf-8395-4071-85ce-258ecccd2e05-5.job
2014-03-30 20:29 - 2014-04-02 19:16 - 00001506 _____ () C:\windows\Tasks\1d58acf1-29e5-4c8e-a536-e04dd320ab01-2.job
2014-03-30 20:29 - 2014-04-02 19:16 - 00001466 _____ () C:\windows\Tasks\9b0b99bf-8395-4071-85ce-258ecccd2e05-1.job
2014-03-30 20:29 - 2014-04-02 19:16 - 00001414 _____ () C:\windows\Tasks\9b0b99bf-8395-4071-85ce-258ecccd2e05-2.job
2014-03-30 20:29 - 2014-03-30 20:29 - 00004692 _____ () C:\windows\System32\Tasks\1d58acf1-29e5-4c8e-a536-e04dd320ab01-5
2014-03-30 20:29 - 2014-03-30 20:29 - 00004606 _____ () C:\windows\System32\Tasks\1d58acf1-29e5-4c8e-a536-e04dd320ab01-1
2014-03-30 20:29 - 2014-03-30 20:29 - 00004600 _____ () C:\windows\System32\Tasks\9b0b99bf-8395-4071-85ce-258ecccd2e05-5
2014-03-30 20:29 - 2014-03-30 20:29 - 00004536 _____ () C:\windows\System32\Tasks\1d58acf1-29e5-4c8e-a536-e04dd320ab01-2
2014-03-30 20:29 - 2014-03-30 20:29 - 00004496 _____ () C:\windows\System32\Tasks\9b0b99bf-8395-4071-85ce-258ecccd2e05-1
2014-03-30 20:29 - 2014-03-30 20:29 - 00004444 _____ () C:\windows\System32\Tasks\9b0b99bf-8395-4071-85ce-258ecccd2e05-2
2014-03-30 20:28 - 2014-04-02 19:16 - 00003462 _____ () C:\windows\Tasks\1d58acf1-29e5-4c8e-a536-e04dd320ab01-3.job
2014-03-30 20:28 - 2014-04-02 19:16 - 00003108 _____ () C:\windows\Tasks\9b0b99bf-8395-4071-85ce-258ecccd2e05-3.job
2014-03-30 20:28 - 2014-04-02 19:16 - 00002568 _____ () C:\windows\Tasks\9b0b99bf-8395-4071-85ce-258ecccd2e05-4.job
2014-03-30 20:28 - 2014-04-02 19:16 - 00002426 _____ () C:\windows\Tasks\1d58acf1-29e5-4c8e-a536-e04dd320ab01-4.job
2014-03-30 20:28 - 2014-04-02 19:16 - 00000394 _____ () C:\windows\Tasks\Re-markit_wd.job
2014-03-30 20:28 - 2014-03-30 20:29 - 00000000 ____D () C:\Program Files (x86)\MediaPlayerplus
2014-03-30 20:28 - 2014-03-30 20:29 - 00000000 ____D () C:\Program Files (x86)\HQVid8
2014-03-30 20:28 - 2014-03-30 20:28 - 00006492 _____ () C:\windows\System32\Tasks\1d58acf1-29e5-4c8e-a536-e04dd320ab01-3
2014-03-30 20:28 - 2014-03-30 20:28 - 00006138 _____ () C:\windows\System32\Tasks\9b0b99bf-8395-4071-85ce-258ecccd2e05-3
2014-03-30 20:28 - 2014-03-30 20:28 - 00005598 _____ () C:\windows\System32\Tasks\9b0b99bf-8395-4071-85ce-258ecccd2e05-4
2014-03-30 20:28 - 2014-03-30 20:28 - 00005456 _____ () C:\windows\System32\Tasks\1d58acf1-29e5-4c8e-a536-e04dd320ab01-4
2014-03-30 20:28 - 2014-03-30 20:28 - 00002986 _____ () C:\windows\System32\Tasks\Re-markit_wd
2014-03-30 20:28 - 2014-03-30 20:28 - 00000000 ____D () C:\Program Files (x86)\Re-markit Corp
2014-03-30 20:27 - 2014-03-30 20:27 - 00563712 _____ () C:\Users\Michael\Downloads\Java.exe
C:\ProgramData\PKP_DLes.DAT
C:\ProgramData\PKP_DLet.DAT
C:\ProgramData\PKP_DLev.DAT
         
*****************

[2184] C:\Program Files (x86)\Re-markit Corp\Re-markit_wd.exe => Process closed successfully.
"C:\\PROGRA~2\\SupTab\\SEARCH~2.DLL" => Value Data removed successfully.
"C:\\PROGRA~2\\SupTab\\SEARCH~1.DLL" => Value Data removed successfully.
C:\windows\system32\GroupPolicy\Machine => Moved successfully.
C:\windows\system32\GroupPolicy\GPT.ini => Moved successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key deleted successfully.
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found.
Firefox newtab deleted successfully.
Firefox DefaultSearchEngine deleted successfully.
Firefox SelectedSearchEngine deleted successfully.
Firefox Proxy settings were reset.
C:\Program Files (x86)\mozilla firefox\browser\searchplugins\webssearches.xml => Moved successfully.
C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\wdhq29yd.default\Extensions\a9719e64-232b-4695-ae9c-a89cd7f2aa84@ca1279df-bc0d-44a8-97ef-19301c922b68.com => Moved successfully.
C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\wdhq29yd.default\Extensions\ee5ad154-f909-4cc0-aa51-d7e94e3fb0af@36204afd-f43e-4917-9c71-8384e2e4d3ad.com => Moved successfully.
HKCU\Software\Mozilla\Firefox\Extensions\\{5ae66703-77f8-4623-8c81-9ba769053c03} => Value deleted successfully.
C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\deghekbbihbapplmbffglehkdhkeibbm => Moved successfully.
C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\majjphhgppkndjjkmhhnbgafooenebhd => Moved successfully.
HKLM\SOFTWARE\Policies\Google => Key deleted successfully.
C:\windows\Tasks\1d58acf1-29e5-4c8e-a536-e04dd320ab01-5.job => Moved successfully.
C:\windows\Tasks\1d58acf1-29e5-4c8e-a536-e04dd320ab01-1.job => Moved successfully.
C:\windows\Tasks\9b0b99bf-8395-4071-85ce-258ecccd2e05-5.job => Moved successfully.
C:\windows\Tasks\1d58acf1-29e5-4c8e-a536-e04dd320ab01-2.job => Moved successfully.
C:\windows\Tasks\9b0b99bf-8395-4071-85ce-258ecccd2e05-1.job => Moved successfully.
C:\windows\Tasks\9b0b99bf-8395-4071-85ce-258ecccd2e05-2.job => Moved successfully.
C:\windows\System32\Tasks\1d58acf1-29e5-4c8e-a536-e04dd320ab01-5 => Moved successfully.
C:\windows\System32\Tasks\1d58acf1-29e5-4c8e-a536-e04dd320ab01-1 => Moved successfully.
C:\windows\System32\Tasks\9b0b99bf-8395-4071-85ce-258ecccd2e05-5 => Moved successfully.
C:\windows\System32\Tasks\1d58acf1-29e5-4c8e-a536-e04dd320ab01-2 => Moved successfully.
C:\windows\System32\Tasks\9b0b99bf-8395-4071-85ce-258ecccd2e05-1 => Moved successfully.
C:\windows\System32\Tasks\9b0b99bf-8395-4071-85ce-258ecccd2e05-2 => Moved successfully.
C:\windows\Tasks\1d58acf1-29e5-4c8e-a536-e04dd320ab01-3.job => Moved successfully.
C:\windows\Tasks\9b0b99bf-8395-4071-85ce-258ecccd2e05-3.job => Moved successfully.
C:\windows\Tasks\9b0b99bf-8395-4071-85ce-258ecccd2e05-4.job => Moved successfully.
C:\windows\Tasks\1d58acf1-29e5-4c8e-a536-e04dd320ab01-4.job => Moved successfully.
C:\windows\Tasks\Re-markit_wd.job => Moved successfully.
C:\Program Files (x86)\MediaPlayerplus => Moved successfully.
C:\Program Files (x86)\HQVid8 => Moved successfully.
C:\windows\System32\Tasks\1d58acf1-29e5-4c8e-a536-e04dd320ab01-3 => Moved successfully.
C:\windows\System32\Tasks\9b0b99bf-8395-4071-85ce-258ecccd2e05-3 => Moved successfully.
C:\windows\System32\Tasks\9b0b99bf-8395-4071-85ce-258ecccd2e05-4 => Moved successfully.
C:\windows\System32\Tasks\1d58acf1-29e5-4c8e-a536-e04dd320ab01-4 => Moved successfully.
C:\windows\System32\Tasks\Re-markit_wd => Moved successfully.
C:\Program Files (x86)\Re-markit Corp => Moved successfully.
C:\Users\Michael\Downloads\Java.exe => Moved successfully.
C:\ProgramData\PKP_DLes.DAT => Moved successfully.
C:\ProgramData\PKP_DLet.DAT => Moved successfully.
C:\ProgramData\PKP_DLev.DAT => Moved successfully.


The system needed a reboot. 

==== End of Fixlog ====

und mbam.txt

Code:

ATTFilter

 Malwarebytes Anti-Malware 
www.malwarebytes.org

Suchlauf Datum: 02.04.2014
Suchlauf-Zeit: 22:22:08
Logdatei: mbam.txt
Administrator: Ja

Version: 2.00.0.1000
Malware Datenbank: v2014.04.02.08
Rootkit Datenbank: v2014.03.27.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Chameleon: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: Michael

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 308546
Verstrichene Zeit: 27 Min, 43 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Aktiviert
Shuriken: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registrierungsschlüssel: 3
PUP.Optional.MediaPlayerplus.A, HKLM\SOFTWARE\WOW6432NODE\MediaPlayerplus, In Quarantäne, [857b45bb49b718e8e7921a43be447c84], 
PUP.Optional.MediaPlayerplus.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\MediaPlayerplus, In Quarantäne, [59a710f035cba35d6c0f7ce1a161ec14], 
PUP.Optional.MediaPlayerplus.A, HKU\S-1-5-21-977804215-3240316584-965802034-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\MediaPlayerplus, In Quarantäne, [5fa1c63aeb15a45cd8a3451828daa35d], 

Registrierungswerte: 0
(No malicious items detected)

Registrierungsdaten: 0
(No malicious items detected)

Ordner: 4
PUP.Optional.CrossRider.A, C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\databases\chrome-extension_majjphhgppkndjjkmhhnbgafooenebhd_0, In Quarantäne, [30d0be42ec143ac612f64f0b32d0738d], 
PUP.Optional.CrossRider.A, C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\majjphhgppkndjjkmhhnbgafooenebhd, In Quarantäne, [05fbd030cd335ea274a06dedca3807f9], 
PUP.Optional.CrossRider.A, C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\databases\chrome-extension_deghekbbihbapplmbffglehkdhkeibbm_0, In Quarantäne, [3ec202fe3bc54fb1093bd3877f835fa1], 
PUP.Optional.CrossRider.A, C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\deghekbbihbapplmbffglehkdhkeibbm, In Quarantäne, [26da6799e81834ccc28ffd5d4ab84bb5], 

Dateien: 27
PUP.Optional.OpenCandy, C:\Users\Michael\downloads\DTLite4452-0287.exe, In Quarantäne, [748cc33dea16be4213a62e06dd2751af], 
PUP.Optional.CrossRider.A, C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_deghekbbihbapplmbffglehkdhkeibbm_0.localstorage, In Quarantäne, [ce32be427987ac54c339590335cd827e], 
PUP.Optional.CrossRider.A, C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_deghekbbihbapplmbffglehkdhkeibbm_0.localstorage-journal, In Quarantäne, [0cf4aa567f81718f2fcd5804a35f0ff1], 
PUP.Optional.QuickStart.A, C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\newtabv3.crx, In Quarantäne, [7888ff0119e7b9475bcb76e79a6811ef], 
PUP.Optional.CrossRider.A, C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_majjphhgppkndjjkmhhnbgafooenebhd_0.localstorage, In Quarantäne, [57a95fa1ba46bb4575dab1acb34f04fc], 
PUP.Optional.CrossRider.A, C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_majjphhgppkndjjkmhhnbgafooenebhd_0.localstorage-journal, In Quarantäne, [14ecb05027d908f84b041c41b84a0ef2], 
PUP.Optional.CrossRider.A, C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\databases\chrome-extension_majjphhgppkndjjkmhhnbgafooenebhd_0\17, In Quarantäne, [30d0be42ec143ac612f64f0b32d0738d], 
PUP.Optional.CrossRider.A, C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\majjphhgppkndjjkmhhnbgafooenebhd\000005.ldb, In Quarantäne, [05fbd030cd335ea274a06dedca3807f9], 
PUP.Optional.CrossRider.A, C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\majjphhgppkndjjkmhhnbgafooenebhd\000026.ldb, In Quarantäne, [05fbd030cd335ea274a06dedca3807f9], 
PUP.Optional.CrossRider.A, C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\majjphhgppkndjjkmhhnbgafooenebhd\000039.log, In Quarantäne, [05fbd030cd335ea274a06dedca3807f9], 
PUP.Optional.CrossRider.A, C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\majjphhgppkndjjkmhhnbgafooenebhd\CURRENT, In Quarantäne, [05fbd030cd335ea274a06dedca3807f9], 
PUP.Optional.CrossRider.A, C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\majjphhgppkndjjkmhhnbgafooenebhd\LOCK, In Quarantäne, [05fbd030cd335ea274a06dedca3807f9], 
PUP.Optional.CrossRider.A, C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\majjphhgppkndjjkmhhnbgafooenebhd\LOG, In Quarantäne, [05fbd030cd335ea274a06dedca3807f9], 
PUP.Optional.CrossRider.A, C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\majjphhgppkndjjkmhhnbgafooenebhd\LOG.old, In Quarantäne, [05fbd030cd335ea274a06dedca3807f9], 
PUP.Optional.CrossRider.A, C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\majjphhgppkndjjkmhhnbgafooenebhd\MANIFEST-000037, In Quarantäne, [05fbd030cd335ea274a06dedca3807f9], 
PUP.Optional.CrossRider.A, C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\databases\chrome-extension_deghekbbihbapplmbffglehkdhkeibbm_0\16, In Quarantäne, [3ec202fe3bc54fb1093bd3877f835fa1], 
PUP.Optional.CrossRider.A, C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\databases\chrome-extension_deghekbbihbapplmbffglehkdhkeibbm_0\16-journal, In Quarantäne, [3ec202fe3bc54fb1093bd3877f835fa1], 
PUP.Optional.CrossRider.A, C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\deghekbbihbapplmbffglehkdhkeibbm\000005.ldb, In Quarantäne, [26da6799e81834ccc28ffd5d4ab84bb5], 
PUP.Optional.CrossRider.A, C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\deghekbbihbapplmbffglehkdhkeibbm\000026.ldb, In Quarantäne, [26da6799e81834ccc28ffd5d4ab84bb5], 
PUP.Optional.CrossRider.A, C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\deghekbbihbapplmbffglehkdhkeibbm\000039.log, In Quarantäne, [26da6799e81834ccc28ffd5d4ab84bb5], 
PUP.Optional.CrossRider.A, C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\deghekbbihbapplmbffglehkdhkeibbm\CURRENT, In Quarantäne, [26da6799e81834ccc28ffd5d4ab84bb5], 
PUP.Optional.CrossRider.A, C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\deghekbbihbapplmbffglehkdhkeibbm\LOCK, In Quarantäne, [26da6799e81834ccc28ffd5d4ab84bb5], 
PUP.Optional.CrossRider.A, C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\deghekbbihbapplmbffglehkdhkeibbm\LOG, In Quarantäne, [26da6799e81834ccc28ffd5d4ab84bb5], 
PUP.Optional.CrossRider.A, C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\deghekbbihbapplmbffglehkdhkeibbm\LOG.old, In Quarantäne, [26da6799e81834ccc28ffd5d4ab84bb5], 
PUP.Optional.CrossRider.A, C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\deghekbbihbapplmbffglehkdhkeibbm\MANIFEST-000037, In Quarantäne, [26da6799e81834ccc28ffd5d4ab84bb5], 
PUP.Optional.CrossRider.A, C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\wdhq29yd.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.aa9719e64232b4695ae9ca89cd7f2aa84ca1279dfbc0d44a897ef19301c922b68com54246.54246.pluginsurl", "hxxp://js.clientdataservice.com/plugin/apps/54246/plugins/094/ff/plugins.json");), Ersetzt,[f20ea85854ac966a0899e15a25df05fb]
PUP.Optional.CrossRider.A, C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\wdhq29yd.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.aee5ad154f9094cc0aa51d7e94e3fb0af36204afdf43e49179c718384e2e4d3adcom53172.53172.pluginsurl", "hxxp://js.clientdataservice.com/plugin/apps/53172/plugins/094/ff/plugins.json");), Ersetzt,[b14f24dc41bf2fd1297869d257ad0ef2]

Physische Sektoren: 0
(No malicious items detected)


(end)

und weiter mit ESET:

Code:

ATTFilter

ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=775685975248004f954be1e53c749d1b
# engine=17730
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-04-03 12:47:33
# local_time=2014-04-03 02:47:33 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776573 100 94 26470 148115903 0 0
# scanned=586566
# found=3
# cleaned=0
# scan_time=15231
sh=5656DCBCACA6137708045867BCDD90166A02C646 ft=1 fh=c71c0011101fcaf6 vn="a variant of Win32/AdWare.AddLyrics.AI application" ac=I fn="C:\FRST\Quarantine\C\Program Files (x86)\Re-markit Corp\ReMar.exe"
sh=CE4F680EA23AF653485ABE664AFA9647718B6F74 ft=1 fh=d78ba32eb59bf249 vn="a variant of Win32/AdWare.AddLyrics.AH application" ac=I fn="C:\FRST\Quarantine\C\Program Files (x86)\Re-markit Corp\Uninstall.exe"
sh=249280331F45CCC38E9E3FA5F8F328F49BC1BBA3 ft=0 fh=0000000000000000 vn="a variant of Java/Agent.DM trojan" ac=I fn="C:\Users\Michael\Alte Benutzerdaten\Michael\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\57\1e69c979-4c3fa680"

FRST-Scan:

FRST Logfile:

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014
Ran by Michael (administrator) on MICHAEL-LENOVO on 03-04-2014 05:55:13
Running from C:\Users\Michael\Desktop
Windows 7 Professional Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\windows\system32\nvvsvc.exe
(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe
(Juniper Networks) C:\Program Files (x86)\Juniper Networks\Common Files\dsNcService.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\EngineServer.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\VirusScan Enterprise\VsTskMgr.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\Common Framework\naPrdMgr.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
(McAfee, Inc.) C:\windows\system32\mfevtps.exe
() C:\windows\SysWOW64\PnkBstrA.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(McAfee, Inc.) C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\McShield.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\mfeann.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(CyberLink) C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe
(Lenovo (Beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\utility.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\ipoint.exe
(Microsoft Corporation) C:\Windows\WindowsMobile\wmdc.exe
() C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeySupport.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
() C:\Program Files (x86)\RocketDock\RocketDock.exe
(Akamai Technologies, Inc.) C:\Users\Michael\AppData\Local\Akamai\netsession_win.exe
(Samsung) C:\Program Files (x86)\Samsung\Kies\Kies.exe
() C:\Users\Michael\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe
(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Akamai Technologies, Inc.) C:\Users\Michael\AppData\Local\Akamai\netsession_win.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\Common Framework\UdaterUI.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\VirusScan Enterprise\shstat.exe
(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
() C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
(CANON INC.) C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
(Google Inc.) C:\Users\Michael\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Michael\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Michael\AppData\Local\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Realtek Semiconductor Corp.) C:\Program Files\Realtek\RtLED\RtLEDService.exe
(Google Inc.) C:\Users\Michael\AppData\Local\Google\Chrome\Application\chrome.exe
(Realtek Semiconductor Corp.) C:\Program Files\Realtek\RtLED\RtLED.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\VirusScan Enterprise\mcconsol.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(EJIE Technology) C:\Program Files (x86)\Clover\clover.exe
(Google Inc.) C:\Users\Michael\AppData\Local\Google\Chrome\Application\chrome.exe
(Don HO don.h@free.fr) C:\Program Files (x86)\Notepad++\notepad++.exe
(Google Inc.) C:\Users\Michael\AppData\Local\Google\Update\GoogleUpdate.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11697768 2010-12-14] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2538280 2010-12-22] (Synaptics Incorporated)
HKLM\...\Run: [Lenovo EE Boot Optimizer] - C:\Program Files (x86)\Lenovo\Boot Optimizer\PopWnd.exe [114688 2011-08-21] (Lenovo)
HKLM\...\Run: [OnekeyStudio] - C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe [789920 2011-08-21] (Lenovo)
HKLM\...\Run: [UpdatePRCShortCut] - C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe [222504 2009-05-13] (CyberLink Corp.)
HKLM\...\Run: [Energy Management] - C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [9769888 2011-08-21] (Lenovo (Beijing) Limited)
HKLM\...\Run: [EnergyUtility] - C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe [5908928 2011-08-21] (Lenovo(beijing) Limited)
HKLM\...\Run: [IntelliPoint] - c:\Program Files\Microsoft IntelliPoint\ipoint.exe [2417032 2011-08-01] (Microsoft Corporation)
HKLM\...\Run: [Windows Mobile Device Center] - C:\Windows\WindowsMobile\wmdc.exe [660360 2007-05-31] (Microsoft Corporation)
HKLM-x32\...\Run: [UpdatePRCShortCut] - C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe [222504 2009-05-13] (CyberLink Corp.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [McAfeeUpdaterUI] - C:\Program Files (x86)\McAfee\Common Framework\udaterui.exe [136512 2009-01-16] (McAfee, Inc.)
HKLM-x32\...\Run: [ShStatEXE] - C:\Program Files (x86)\McAfee\VirusScan Enterprise\SHSTAT.EXE [124240 2009-04-29] (McAfee, Inc.)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59240 2012-02-20] (Apple Inc.)
HKLM-x32\...\Run: [ArcSoft Connection Service] - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [207424 2010-10-27] (ArcSoft Inc.)
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2010-11-29] (Apple Inc.)
HKLM-x32\...\Run: [DivXMediaServer] - C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [450560 2013-03-28] (DivX, LLC)
HKLM-x32\...\Run: [DivXUpdate] - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1263952 2013-02-13] ()
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
HKLM-x32\...\Run: [KiesTrayAgent] - C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [311152 2013-11-06] (Samsung Electronics Co., Ltd.)
HKLM-x32\...\Run: [CanonQuickMenu] - C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE [1273448 2012-04-03] (CANON INC.)
HKLM-x32\...\Run: [IJNetworkScannerSelectorEX] - C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [449168 2012-03-26] (CANON INC.)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-977804215-3240316584-965802034-1002\...\Run: [RocketDock] - C:\Program Files (x86)\RocketDock\RocketDock.exe [495616 2007-09-02] ()
HKU\S-1-5-21-977804215-3240316584-965802034-1002\...\Run: [DAEMON Tools Lite] - C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3477312 2012-01-19] (DT Soft Ltd)
HKU\S-1-5-21-977804215-3240316584-965802034-1002\...\Run: [Akamai NetSession Interface] - C:\Users\Michael\AppData\Local\Akamai\netsession_win.exe [4489472 2013-06-05] (Akamai Technologies, Inc.)
HKU\S-1-5-21-977804215-3240316584-965802034-1002\...\Run: [KiesPreload] - C:\Program Files (x86)\Samsung\Kies\Kies.exe [1564528 2013-11-06] (Samsung)
HKU\S-1-5-21-977804215-3240316584-965802034-1002\...\Run: [AmazonMP3DownloaderHelper] - C:\Users\Michael\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe [400704 2013-05-22] ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com/
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com/
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKCU - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7LENN
BHO: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\addon64\ewpexbho.dll (CANON INC.)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\scriptsn.dll (McAfee, Inc.)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: ExplorerWatcher Class - {F8A6CAA2-533D-4AED-9E05-8EB19A4021AB} - C:\Program Files (x86)\Clover\TabHelper64.dll (EJIE Technology)
BHO-x32: DivX Plus Web Player HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
BHO-x32: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\McAfee\VirusScan Enterprise\scriptsn.dll (McAfee, Inc.)
BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\addon64\ewpexhlp.dll (CANON INC.)
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
DPF: HKLM {AA570693-00E2-4907-B6F1-60A1199B030C} https://juniper.net/dana-cached/sc/JuniperSetupClient64.cab
DPF: HKLM-x32 {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://juniper.net/dana-cached/sc/JuniperSetupClient.cab
Handler: fluxhttp\0x00000007 - {8E2D00A0-82C6-4821-90BC-07F290841BB6} -  No File
Handler: x-owacid - {0215258f-f0a8-49de-bf1b-0ff02eda8807} -  No File
Handler-x32: fluxhttp\0x00000007 - {8E2D00A0-82C6-4821-90BC-07F290841BB6} - C:\Program Files (x86)\Common Files\fluxDVD\Lib\XEB\xebnavigation.ax (ACE GmbH)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Handler-x32: x-owacid - {0215258f-f0a8-49de-bf1b-0ff02eda8807} - C:\Program Files (x86)\Microsoft\Outlook Web Access SMIME Client\mimectl.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\wdhq29yd.default
FF Plugin: @adobe.com/FlashPlayer - C:\windows\system32\Macromed\Flash\NPSWF64_12_0_0_77.dll ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin: @java.com/DTPlugin,version=10.13.2 - C:\windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.13.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\windows\SysWOW64\Adobe\Director\np32dsw_1209149.dll (Adobe Systems, Inc.)
FF Plugin-x32: @divx.com/DivX Plus Web Player Plug-In,version=1.0.0 - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: @fluxdvd.com/NPWMDRMWrapper - C:\Program Files (x86)\Videoload Manager\NPWMDRMWrapper.dll ( )
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 - C:\windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @protectdisc.com/NPMPDRM - C:\Program Files (x86)\Common Files\mpDRM\NPMPDRM.dll ( )
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.2 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Michael\AppData\Local\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Michael\AppData\Local\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\Michael\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin HKCU: amazon.com/AmazonMP3DownloaderPlugin - C:\Users\Michael\AppData\Local\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10181.dll (Amazon.com, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.)
FF SearchPlugin: C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\wdhq29yd.default\searchplugins\englische-ergebnisse.xml
FF SearchPlugin: C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\wdhq29yd.default\searchplugins\gmx-suche.xml
FF SearchPlugin: C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\wdhq29yd.default\searchplugins\lastminute.xml
FF SearchPlugin: C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\wdhq29yd.default\searchplugins\webde-suche.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: 20-20 3D Viewer - C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\wdhq29yd.default\Extensions\2020Player@2020Technologies.com [2011-09-27]
FF Extension: Illimitux - C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\wdhq29yd.default\Extensions\illimitux@illimitux.net [2011-09-27]
FF Extension: Noia 2.0 (eXtreme) - C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\wdhq29yd.default\Extensions\{9f08cb5a-76b1-4bcf-aff9-90e1a5d60b1e} [2011-09-27]
FF Extension: New Tab King - C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\wdhq29yd.default\Extensions\{FC5BAC7D-D696-4ba6-B913-CF8F000C33DF} [2013-02-06]
FF Extension: gui:config - C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\wdhq29yd.default\Extensions\guiconfig@slosd.net.xpi [2011-09-27]
FF Extension: ProxMate - Proxy on steroids! - C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\wdhq29yd.default\Extensions\jid1-QpHD8URtZWJC2A@jetpack.xpi [2012-02-25]
FF Extension: Personas Plus - C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\wdhq29yd.default\Extensions\personas@christopher.beard.xpi [2013-03-12]
FF Extension: DVDVideoSoft YouTube MP3 and Video Download - C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\wdhq29yd.default\Extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi [2012-11-24]
FF Extension: Fasterfox - C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\wdhq29yd.default\Extensions\{c36177c0-224a-11da-8cd6-0800200c9a91}.xpi [2012-02-05]
FF Extension: Adblock Plus - C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\wdhq29yd.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2011-09-27]
FF Extension: DownThemAll! - C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\wdhq29yd.default\Extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi [2011-09-27]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2014-02-20]
FF HKLM-x32\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF Extension: DivX Plus Web Player HTML5 &lt;video&gt; - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2013-07-03]

Chrome: 
=======
CHR Extension: (Google Docs) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-04-01]
CHR Extension: (Google Drive) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2012-03-17]
CHR Extension: (YouTube) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-03-12]
CHR Extension: (Google-Suche) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-03-12]
CHR Extension: (Google Wallet) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-12]
CHR Extension: (Mehr Leistung und Videoformate für dein HTML5 <video>) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm [2014-04-01]
CHR Extension: (Google Mail) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-03-12]
CHR HKLM-x32\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files (x86)\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx [2013-05-06]

==================== Services (Whitelisted) =================

R2 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
R2 btwdins; C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe [956192 2011-02-15] (Broadcom Corporation.)
R2 McAfeeEngineService; C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\EngineServer.exe [19720 2009-04-29] (McAfee, Inc.)
R2 McAfeeFramework; C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe [103744 2009-01-16] (McAfee, Inc.)
U2 McShield; C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\McShield.exe [176872 2009-04-29] (McAfee, Inc.)
R2 McTaskManager; C:\Program Files (x86)\McAfee\VirusScan Enterprise\VsTskMgr.exe [62800 2009-04-29] (McAfee, Inc.)
R2 mfevtp; C:\windows\system32\mfevtps.exe [78992 2009-04-29] (McAfee, Inc.)
R2 PnkBstrA; C:\windows\SysWOW64\PnkBstrA.exe [75136 2011-09-30] ()
R2 RtLedService; C:\Program Files\Realtek\RtLED\RtLEDService.exe [311296 2010-09-30] (Realtek Semiconductor Corp.)

==================== Drivers (Whitelisted) ====================

S2 ASPI32; No ImagePath
S3 CH341SER_A64; C:\Windows\System32\Drivers\CH341S64.SYS [58368 2011-11-05] (www.winchiphead.com)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2012-02-06] (DT Soft Ltd)
S3 jnprva; C:\Windows\System32\DRIVERS\jnprva.sys [26480 2011-09-07] (Juniper Networks, Inc.)
S3 JnprVaMgr; C:\Windows\System32\DRIVERS\jnprvamgr.sys [45352 2011-09-07] (Juniper Networks, Inc.)
R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [97704 2009-04-29] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [120096 2009-04-29] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [466944 2009-04-29] (McAfee, Inc.)
S3 mferkdet; C:\Windows\System32\drivers\mferkdet.sys [76696 2009-04-29] (McAfee, Inc.)
R1 mfetdik; C:\Windows\System32\drivers\mfetdik.sys [83912 2009-04-29] (McAfee, Inc.)
R3 rtsuvc; C:\Windows\System32\DRIVERS\rtsuvc.sys [8200552 2010-12-15] (Realtek Semiconductor Corp.)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
U2 CLKMSVC10_3A60B698; 
U2 CLKMSVC10_C3B3B687; 
S3 dgderdrv; System32\drivers\dgderdrv.sys [X]
U2 DriverService; 
U2 IAStorDataMgrSvc; 
U2 idealife Update Service; 
U3 IGRS; 
U2 IviRegMgr; 
S3 jnprna; system32\DRIVERS\jnprna6.sys [X]
U2 Oasis2Service; 
U2 PCCarerServic; 
U2 ReadyComm.DirectRouter; 
U2 RichVideo; 
S3 SANDRA; \??\C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2012.SP5a\WNt500x64\Sandra.sys [X]
U2 SoftwareService; 
U2 Stereo Service; 

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-04-03 05:55 - 2014-04-03 05:55 - 00026527 _____ () C:\Users\Michael\Desktop\FRST.txt
2014-04-02 22:31 - 2014-04-02 22:31 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-04-02 22:28 - 2014-04-02 22:28 - 00008375 _____ () C:\Users\Michael\Desktop\mbam.txt
2014-04-02 21:52 - 2014-04-02 22:27 - 00119512 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2014-04-02 21:52 - 2014-04-02 21:52 - 00001102 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-04-02 21:52 - 2014-04-02 21:52 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-04-02 21:52 - 2014-03-05 09:26 - 00088280 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2014-04-02 21:52 - 2014-03-05 09:26 - 00063192 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2014-04-02 21:20 - 2014-04-02 21:21 - 17523384 _____ (Malwarebytes Corporation ) C:\Users\Michael\Desktop\mbam-setup-2.0.0.1000.exe
2014-04-02 20:03 - 2014-04-02 22:27 - 00000000 ____D () C:\Users\Michael\Desktop\alte frst
2014-04-02 19:27 - 2014-04-02 19:27 - 00002216 _____ () C:\Users\Michael\Desktop\JRT.txt
2014-04-02 19:20 - 2014-04-02 19:20 - 00000000 ____D () C:\windows\ERUNT
2014-04-02 19:12 - 2014-04-02 19:14 - 00000000 ____D () C:\AdwCleaner
2014-04-02 19:10 - 2014-04-02 19:10 - 01038974 _____ (Thisisu) C:\Users\Michael\Desktop\JRT.exe
2014-04-02 19:07 - 2014-04-02 19:07 - 01426178 _____ () C:\Users\Michael\Desktop\adwcleaner.exe
2014-04-01 20:44 - 2014-04-01 20:44 - 00013888 _____ () C:\Users\Michael\AppData\Local\recently-used.xbel
2014-04-01 20:15 - 2014-04-01 20:15 - 00033902 _____ () C:\ComboFix.txt
2014-04-01 19:52 - 2011-06-26 08:45 - 00256000 _____ () C:\windows\PEV.exe
2014-04-01 19:52 - 2010-11-07 19:20 - 00208896 _____ () C:\windows\MBR.exe
2014-04-01 19:52 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\windows\NIRCMD.exe
2014-04-01 19:52 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\windows\SWREG.exe
2014-04-01 19:52 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\windows\SWSC.exe
2014-04-01 19:52 - 2000-08-31 02:00 - 00098816 _____ () C:\windows\sed.exe
2014-04-01 19:52 - 2000-08-31 02:00 - 00080412 _____ () C:\windows\grep.exe
2014-04-01 19:52 - 2000-08-31 02:00 - 00068096 _____ () C:\windows\zip.exe
2014-04-01 19:42 - 2014-04-01 20:16 - 00000000 ____D () C:\Qoobox
2014-04-01 19:42 - 2014-04-01 19:42 - 00000000 ___RD () C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-04-01 19:42 - 2014-04-01 19:42 - 00000000 ___RD () C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-04-01 19:41 - 2014-04-01 20:14 - 00000000 ____D () C:\windows\erdnt
2014-04-01 19:38 - 2014-04-01 19:39 - 05192353 ____R (Swearware) C:\Users\Michael\Desktop\ComboFix.exe
2014-04-01 19:35 - 2014-04-01 19:35 - 00000000 ____D () C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Lenovo
2014-03-30 21:24 - 2014-03-30 21:24 - 00041218 _____ () C:\Users\Michael\Downloads\Addition.txt
2014-03-30 21:05 - 2014-03-30 21:06 - 00041218 _____ () C:\Users\Michael\Desktop\Addition.txt
2014-03-30 21:03 - 2014-04-03 05:55 - 00000000 ____D () C:\FRST
2014-03-30 21:01 - 2014-03-30 21:01 - 02157056 _____ (Farbar) C:\Users\Michael\Desktop\FRST64.exe
2014-03-30 20:28 - 2014-04-02 21:23 - 00000008 __RSH () C:\ProgramData\ntuser.pol
2014-03-27 20:26 - 2014-03-27 20:26 - 00000000 ____D () C:\Users\Michael\Downloads\EnviroBear2000
2014-03-13 20:36 - 2014-03-01 08:05 - 23133696 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-03-13 20:36 - 2014-03-01 07:17 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-03-13 20:36 - 2014-03-01 07:16 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2014-03-13 20:36 - 2014-03-01 06:58 - 02765824 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-03-13 20:36 - 2014-03-01 06:52 - 00066048 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2014-03-13 20:36 - 2014-03-01 06:51 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2014-03-13 20:36 - 2014-03-01 06:42 - 00053760 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2014-03-13 20:36 - 2014-03-01 06:40 - 00033792 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2014-03-13 20:36 - 2014-03-01 06:37 - 00574976 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2014-03-13 20:36 - 2014-03-01 06:33 - 00139264 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2014-03-13 20:36 - 2014-03-01 06:33 - 00111616 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2014-03-13 20:36 - 2014-03-01 06:32 - 00708608 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2014-03-13 20:36 - 2014-03-01 06:30 - 17074688 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2014-03-13 20:36 - 2014-03-01 06:23 - 00940032 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2014-03-13 20:36 - 2014-03-01 06:17 - 00218624 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2014-03-13 20:36 - 2014-03-01 06:11 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2014-03-13 20:36 - 2014-03-01 06:02 - 00195584 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2014-03-13 20:36 - 2014-03-01 05:54 - 05768704 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2014-03-13 20:36 - 2014-03-01 05:52 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2014-03-13 20:36 - 2014-03-01 05:51 - 00051200 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2014-03-13 20:36 - 2014-03-01 05:47 - 02168320 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2014-03-13 20:36 - 2014-03-01 05:43 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2014-03-13 20:36 - 2014-03-01 05:43 - 00032768 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2014-03-13 20:36 - 2014-03-01 05:42 - 00627200 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-03-13 20:36 - 2014-03-01 05:40 - 00440832 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2014-03-13 20:36 - 2014-03-01 05:38 - 00112128 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2014-03-13 20:36 - 2014-03-01 05:37 - 00553472 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2014-03-13 20:36 - 2014-03-01 05:35 - 02041856 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2014-03-13 20:36 - 2014-03-01 05:18 - 13051904 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-03-13 20:36 - 2014-03-01 05:16 - 00164864 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2014-03-13 20:36 - 2014-03-01 05:14 - 04244480 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2014-03-13 20:36 - 2014-03-01 05:10 - 02334208 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-03-13 20:36 - 2014-03-01 05:03 - 00524288 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2014-03-13 20:36 - 2014-03-01 05:00 - 01964032 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2014-03-13 20:36 - 2014-03-01 04:57 - 11266048 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2014-03-13 20:36 - 2014-03-01 04:38 - 01393664 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2014-03-13 20:36 - 2014-03-01 04:32 - 01820160 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2014-03-13 20:36 - 2014-03-01 04:27 - 01156096 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2014-03-13 20:36 - 2014-03-01 04:25 - 00817664 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2014-03-13 20:36 - 2014-03-01 04:25 - 00703488 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2014-03-13 20:35 - 2014-02-07 03:23 - 03156480 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2014-03-13 20:35 - 2014-02-04 04:32 - 01424384 _____ (Microsoft Corporation) C:\windows\system32\WindowsCodecs.dll
2014-03-13 20:35 - 2014-02-04 04:32 - 00624128 _____ (Microsoft Corporation) C:\windows\system32\qedit.dll
2014-03-13 20:35 - 2014-02-04 04:04 - 01230336 _____ (Microsoft Corporation) C:\windows\SysWOW64\WindowsCodecs.dll
2014-03-13 20:35 - 2014-02-04 04:04 - 00509440 _____ (Microsoft Corporation) C:\windows\SysWOW64\qedit.dll
2014-03-13 20:35 - 2014-01-29 04:32 - 00484864 _____ (Microsoft Corporation) C:\windows\system32\wer.dll
2014-03-13 20:35 - 2014-01-29 04:06 - 00381440 _____ (Microsoft Corporation) C:\windows\SysWOW64\wer.dll
2014-03-13 20:35 - 2014-01-28 04:32 - 00228864 _____ (Microsoft Corporation) C:\windows\system32\wwansvc.dll
2014-03-13 20:32 - 2014-03-13 20:32 - 00000063 _____ () C:\Users\Michael\.gtk-bookmarks
2014-03-05 20:26 - 2014-03-05 20:26 - 14175091 _____ () C:\Users\Michael\Downloads\Tutorial-GIMP-Haut-glaetten.zip
2014-03-04 17:39 - 2014-03-05 19:52 - 125727092 _____ () C:\Users\Michael\Documents\IMG_2021a.xcf
2014-03-04 13:20 - 2014-03-16 21:32 - 00000000 ____D () C:\Scan
2014-03-04 13:18 - 2014-03-04 13:20 - 00000000 ___HD () C:\ProgramData\CanonIJScan
2014-03-04 13:16 - 2014-03-04 13:18 - 00000000 ____D () C:\Users\Michael\AppData\Roaming\Canon
2014-03-04 13:16 - 2014-03-04 13:16 - 00000000 ___HD () C:\ProgramData\CanonIJEGV
2014-03-04 13:14 - 2014-03-04 13:14 - 00000000 ___HD () C:\ProgramData\CanonIJQuickMenu
2014-03-04 13:12 - 2012-03-26 06:00 - 00392192 _____ (CANON INC.) C:\windows\system32\CNMXLMB9.DLL
2014-03-04 13:11 - 2014-03-04 13:11 - 00000000 ____D () C:\ProgramData\Canon IJ Network Tool
2014-03-04 13:11 - 2012-02-08 17:34 - 00320000 _____ (CANON INC.) C:\windows\SysWOW64\CNC_B9L.dll
2014-03-04 13:11 - 2012-01-26 11:25 - 00081664 _____ () C:\windows\SysWOW64\CNC1763D.TBL
2014-03-04 13:11 - 2012-01-16 15:21 - 00103424 _____ (CANON INC.) C:\windows\SysWOW64\CNC_B9U.dll
2014-03-04 13:11 - 2008-08-25 19:02 - 00015872 _____ (CANON INC.) C:\windows\SysWOW64\CNHMCA.dll
2014-03-04 13:09 - 2014-03-04 13:09 - 00000000 ____D () C:\ProgramData\CanonIJWSpt
2014-03-04 13:09 - 2014-03-04 13:09 - 00000000 ____D () C:\Program Files\Common Files\CANON
2014-03-04 13:08 - 2014-03-04 13:08 - 00000000 ____D () C:\Program Files\Canon
2014-03-04 13:07 - 2014-03-04 13:07 - 00000000 ___HD () C:\windows\system32\CanonIJ Uninstaller Information
2014-03-04 13:07 - 2014-03-04 13:07 - 00000000 ___HD () C:\ProgramData\CanonBJ
2014-03-04 13:06 - 2014-03-04 13:06 - 00000000 ___HD () C:\Program Files\CanonBJ
2014-03-04 13:06 - 2012-03-26 06:00 - 00389120 _____ (CANON INC.) C:\windows\system32\CNMLMB9.DLL
2014-03-04 13:05 - 2014-03-04 13:05 - 00000000 ____D () C:\windows\system32\STRING
2014-03-04 13:05 - 2012-03-28 19:01 - 00359936 _____ (CANON INC.) C:\windows\system32\CNMN6PPM.DLL
2014-03-04 13:05 - 2012-03-28 19:01 - 00039424 _____ (CANON INC.) C:\windows\system32\CNMN6UI.DLL
2014-03-04 13:03 - 2014-03-04 13:16 - 00000000 ____D () C:\Program Files (x86)\Canon

==================== One Month Modified Files and Folders =======

2014-04-03 05:55 - 2014-04-03 05:55 - 00026527 _____ () C:\Users\Michael\Desktop\FRST.txt
2014-04-03 05:55 - 2014-03-30 21:03 - 00000000 ____D () C:\FRST
2014-04-03 05:51 - 2012-03-12 15:09 - 00001128 _____ () C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-977804215-3240316584-965802034-1002UA.job
2014-04-03 05:51 - 2012-03-12 15:09 - 00001076 _____ () C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-977804215-3240316584-965802034-1002Core.job
2014-04-03 05:39 - 2012-06-09 15:40 - 00000884 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2014-04-03 05:08 - 2011-10-05 16:33 - 01191351 _____ () C:\windows\WindowsUpdate.log
2014-04-03 05:08 - 2011-08-21 01:43 - 00001124 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-04-02 22:32 - 2009-07-14 06:45 - 00030352 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-04-02 22:32 - 2009-07-14 06:45 - 00030352 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-04-02 22:31 - 2014-04-02 22:31 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-04-02 22:29 - 2011-08-21 08:35 - 00701560 _____ () C:\windows\system32\perfh007.dat
2014-04-02 22:29 - 2011-08-21 08:35 - 00150428 _____ () C:\windows\system32\perfc007.dat
2014-04-02 22:29 - 2009-07-14 07:13 - 01620612 _____ () C:\windows\system32\PerfStringBackup.INI
2014-04-02 22:28 - 2014-04-02 22:28 - 00008375 _____ () C:\Users\Michael\Desktop\mbam.txt
2014-04-02 22:27 - 2014-04-02 21:52 - 00119512 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2014-04-02 22:27 - 2014-04-02 20:03 - 00000000 ____D () C:\Users\Michael\Desktop\alte frst
2014-04-02 22:25 - 2011-08-21 01:38 - 00506249 _____ () C:\windows\system32\fastboot.set
2014-04-02 22:24 - 2011-08-21 01:43 - 00001120 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-04-02 22:24 - 2011-08-21 01:34 - 03328603 _____ () C:\FaceProv.log
2014-04-02 22:24 - 2009-07-14 07:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-04-02 22:23 - 2014-02-26 09:27 - 00195982 _____ () C:\windows\PFRO.log
2014-04-02 22:23 - 2013-09-09 07:00 - 00022740 _____ () C:\windows\setupact.log
2014-04-02 22:23 - 2009-07-14 05:20 - 00000000 ____D () C:\windows\Vss
2014-04-02 22:19 - 2012-10-18 19:01 - 02347384 _____ (ESET) C:\Users\Michael\Desktop\esetsmartinstaller_enu.exe
2014-04-02 21:52 - 2014-04-02 21:52 - 00001102 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-04-02 21:52 - 2014-04-02 21:52 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-04-02 21:52 - 2012-10-11 18:20 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-04-02 21:23 - 2014-03-30 20:28 - 00000008 __RSH () C:\ProgramData\ntuser.pol
2014-04-02 21:21 - 2014-04-02 21:20 - 17523384 _____ (Malwarebytes Corporation ) C:\Users\Michael\Desktop\mbam-setup-2.0.0.1000.exe
2014-04-02 21:21 - 2009-07-14 05:20 - 00000000 ___HD () C:\windows\system32\GroupPolicy
2014-04-02 19:27 - 2014-04-02 19:27 - 00002216 _____ () C:\Users\Michael\Desktop\JRT.txt
2014-04-02 19:20 - 2014-04-02 19:20 - 00000000 ____D () C:\windows\ERUNT
2014-04-02 19:14 - 2014-04-02 19:12 - 00000000 ____D () C:\AdwCleaner
2014-04-02 19:10 - 2014-04-02 19:10 - 01038974 _____ (Thisisu) C:\Users\Michael\Desktop\JRT.exe
2014-04-02 19:07 - 2014-04-02 19:07 - 01426178 _____ () C:\Users\Michael\Desktop\adwcleaner.exe
2014-04-01 20:44 - 2014-04-01 20:44 - 00013888 _____ () C:\Users\Michael\AppData\Local\recently-used.xbel
2014-04-01 20:44 - 2014-03-01 12:22 - 00000000 ____D () C:\Users\Michael\.gimp-2.8
2014-04-01 20:37 - 2014-03-01 12:28 - 00000000 ____D () C:\Users\Michael\AppData\Local\gtk-2.0
2014-04-01 20:16 - 2014-04-01 19:42 - 00000000 ____D () C:\Qoobox
2014-04-01 20:15 - 2014-04-01 20:15 - 00033902 _____ () C:\ComboFix.txt
2014-04-01 20:14 - 2014-04-01 19:41 - 00000000 ____D () C:\windows\erdnt
2014-04-01 20:13 - 2009-07-14 04:34 - 00000215 _____ () C:\windows\system.ini
2014-04-01 19:42 - 2014-04-01 19:42 - 00000000 ___RD () C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-04-01 19:42 - 2014-04-01 19:42 - 00000000 ___RD () C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-04-01 19:41 - 2011-09-28 00:03 - 00000000 ____D () C:\Users\Michael
2014-04-01 19:39 - 2014-04-01 19:38 - 05192353 ____R (Swearware) C:\Users\Michael\Desktop\ComboFix.exe
2014-04-01 19:35 - 2014-04-01 19:35 - 00000000 ____D () C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Lenovo
2014-03-30 21:24 - 2014-03-30 21:24 - 00041218 _____ () C:\Users\Michael\Downloads\Addition.txt
2014-03-30 21:06 - 2014-03-30 21:05 - 00041218 _____ () C:\Users\Michael\Desktop\Addition.txt
2014-03-30 21:01 - 2014-03-30 21:01 - 02157056 _____ (Farbar) C:\Users\Michael\Desktop\FRST64.exe
2014-03-30 20:28 - 2009-07-14 05:20 - 00000000 ____D () C:\windows\SysWOW64\GroupPolicy
2014-03-29 18:03 - 2011-08-21 01:43 - 00004120 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-03-29 18:03 - 2011-08-21 01:43 - 00003868 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-03-28 06:46 - 2012-03-12 15:09 - 00004106 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-977804215-3240316584-965802034-1002UA
2014-03-28 06:46 - 2012-03-12 15:09 - 00003710 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-977804215-3240316584-965802034-1002Core
2014-03-27 20:50 - 2011-09-28 16:14 - 00000000 ____D () C:\Users\Michael\AppData\Roaming\Juniper Networks
2014-03-27 20:49 - 2011-09-28 16:14 - 00000000 ____D () C:\Program Files (x86)\Juniper Networks
2014-03-27 20:26 - 2014-03-27 20:26 - 00000000 ____D () C:\Users\Michael\Downloads\EnviroBear2000
2014-03-22 16:57 - 2012-07-04 19:36 - 00000000 ____D () C:\Users\Michael\AppData\Roaming\vlc
2014-03-19 21:12 - 2013-08-14 21:03 - 00000000 ____D () C:\windows\system32\MRT
2014-03-19 21:09 - 2011-09-27 22:16 - 00000000 ___RD () C:\Users\Michael\Dropbox
2014-03-19 21:09 - 2011-09-27 21:14 - 90015360 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2014-03-19 19:42 - 2011-09-27 22:15 - 00000000 ____D () C:\Users\Michael\AppData\Roaming\Dropbox
2014-03-16 21:32 - 2014-03-04 13:20 - 00000000 ____D () C:\Scan
2014-03-15 21:59 - 2014-03-01 11:19 - 00000000 ____D () C:\Users\Michael\Desktop\Shooting
2014-03-14 07:23 - 2009-07-14 06:45 - 00493672 _____ () C:\windows\system32\FNTCACHE.DAT
2014-03-14 07:21 - 2013-03-14 08:43 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-03-14 07:21 - 2013-03-14 08:43 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-03-13 21:26 - 2012-03-07 20:10 - 00000039 _____ () C:\windows\vbaddin.ini
2014-03-13 21:26 - 2011-09-27 19:08 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-03-13 20:32 - 2014-03-13 20:32 - 00000063 _____ () C:\Users\Michael\.gtk-bookmarks
2014-03-12 21:39 - 2012-06-09 15:40 - 00003822 _____ () C:\windows\System32\Tasks\Adobe Flash Player Updater
2014-03-12 21:39 - 2012-04-13 23:26 - 00692616 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2014-03-12 21:39 - 2011-09-27 18:17 - 00071048 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-03-11 08:25 - 2013-08-08 21:53 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird
2014-03-09 19:06 - 2013-03-12 15:54 - 00011264 _____ () C:\Users\Michael\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-03-09 18:25 - 2009-07-14 07:09 - 00000000 ____D () C:\windows\System32\Tasks\WPD
2014-03-09 15:43 - 2009-07-14 07:32 - 00000000 ____D () C:\windows\system32\FxsTmp
2014-03-08 19:43 - 2012-12-28 20:32 - 00000000 ____D () C:\Users\Michael\AppData\Roaming\DivX
2014-03-07 18:18 - 2009-07-14 07:08 - 00032640 _____ () C:\windows\Tasks\SCHEDLGU.TXT
2014-03-05 20:26 - 2014-03-05 20:26 - 14175091 _____ () C:\Users\Michael\Downloads\Tutorial-GIMP-Haut-glaetten.zip
2014-03-05 19:52 - 2014-03-04 17:39 - 125727092 _____ () C:\Users\Michael\Documents\IMG_2021a.xcf
2014-03-05 09:26 - 2014-04-02 21:52 - 00088280 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2014-03-05 09:26 - 2014-04-02 21:52 - 00063192 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2014-03-05 09:26 - 2012-10-11 18:20 - 00025816 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2014-03-04 13:20 - 2014-03-04 13:18 - 00000000 ___HD () C:\ProgramData\CanonIJScan
2014-03-04 13:18 - 2014-03-04 13:16 - 00000000 ____D () C:\Users\Michael\AppData\Roaming\Canon
2014-03-04 13:16 - 2014-03-04 13:16 - 00000000 ___HD () C:\ProgramData\CanonIJEGV
2014-03-04 13:16 - 2014-03-04 13:03 - 00000000 ____D () C:\Program Files (x86)\Canon
2014-03-04 13:14 - 2014-03-04 13:14 - 00000000 ___HD () C:\ProgramData\CanonIJQuickMenu
2014-03-04 13:11 - 2014-03-04 13:11 - 00000000 ____D () C:\ProgramData\Canon IJ Network Tool
2014-03-04 13:11 - 2009-07-14 05:20 - 00000000 __RSD () C:\windows\Media
2014-03-04 13:09 - 2014-03-04 13:09 - 00000000 ____D () C:\ProgramData\CanonIJWSpt
2014-03-04 13:09 - 2014-03-04 13:09 - 00000000 ____D () C:\Program Files\Common Files\CANON
2014-03-04 13:08 - 2014-03-04 13:08 - 00000000 ____D () C:\Program Files\Canon
2014-03-04 13:07 - 2014-03-04 13:07 - 00000000 ___HD () C:\windows\system32\CanonIJ Uninstaller Information
2014-03-04 13:07 - 2014-03-04 13:07 - 00000000 ___HD () C:\ProgramData\CanonBJ
2014-03-04 13:06 - 2014-03-04 13:06 - 00000000 ___HD () C:\Program Files\CanonBJ
2014-03-04 13:05 - 2014-03-04 13:05 - 00000000 ____D () C:\windows\system32\STRING

Some content of TEMP:
====================
C:\Users\Michael\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-03-30 22:11

==================== End Of Log ============================

--- --- ---

--- --- ---

Code:

ATTFilter

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13-03-2014
Ran by Michael at 2014-04-03 05:55:38
Running from C:\Users\Michael\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Akamai NetSession Interface (HKCU\...\Akamai) (Version:  - Akamai Technologies, Inc)
Amazon MP3-Downloader 1.0.18 (HKCU\...\Amazon MP3-Downloader) (Version: 1.0.18 - Amazon Services LLC)
Apple Mobile Device Support (HKLM\...\{B8AD779A-82DA-4365-A7D0-AD3DCFC55CFF}) (Version: 5.1.1.4 - Apple Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Canon MG4200 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG4200_series) (Version: 1.01 - Canon Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 3.16 - Piriform)
Dropbox (HKCU\...\Dropbox) (Version: 2.6.5 - Dropbox, Inc.)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
GIMP 2.8.10 (HKLM\...\GIMP-2_is1) (Version: 2.8.10 - The GIMP Team)
Google Chrome (HKCU\...\Google Chrome) (Version: 33.0.1750.154 - Google Inc.)
Java 7 Update 13 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417013FF}) (Version: 7.0.130 - Oracle)
Juniper Networks, Inc. Setup Client (HKCU\...\Juniper_Setup_Client) (Version: 7.4.8.42127 - Juniper Networks, Inc.)
Juniper Networks, Inc. Setup Client 64-bit Activex Control (HKLM\...\Juniper_Setup_Client Activex Control) (Version: 2.1.1.1 - Juniper Networks, Inc.)
Lenovo Bluetooth with Enhanced Data Rate Software (HKLM\...\{436E0B79-2CFB-4E5F-9380-E17C1B25D0C5}) (Version: 6.3.0.8000 - Broadcom Corporation)
Lenovo EE Boot Optimizer (HKLM\...\Lenovo EE Boot Optimizer) (Version: 0.0.1.5 - Lenovo)
Lenovo OneKey Recovery (Version: 7.0.1628 - CyberLink Corp.) Hidden
Logitech Unifying-Software 2.00 (HKLM\...\Logitech Unifying) (Version: 2.00.43 - Logitech)
Luminance HDR 2.2.0 (HKLM\...\{7020FC34-6E04-4858-924D-354B28CB2402}_is1) (Version:  - Luminance HDR Dev Team)
Malwarebytes Anti-Malware Version 2.00.0.1000 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.00.0.1000 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Camera Codec Pack (HKLM\...\{CD01405F-BC70-4453-B7F5-00CED3903C19}) (Version: 16.4.1620.0719 - Microsoft Corporation)
Microsoft IntelliPoint 8.2 (HKLM\...\Microsoft IntelliPoint 8.2) (Version: 8.20.468.0 - Microsoft Corporation)
Microsoft IntelliPoint 8.2 (Version: 8.20.468.0 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft SkyDrive (HKCU\...\SkyDriveSetup.exe) (Version: 16.4.6013.0910 - Microsoft Corporation)
Microsoft Team Foundation Server 2010 Object Model - DEU (Version: 10.0.30319 - Microsoft Corporation) Hidden
Microsoft Team Foundation Server 2010-Objektmodell - DEU (HKLM\...\Microsoft Team Foundation Server 2010 Object Model - DEU) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Runtime - 10.0.30319 (HKLM\...\{94D70749-4281-39AC-AD90-B56A0E0A402E}) (Version: 10.0.30319 - Microsoft Corporation)
MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden
NVIDIA Grafiktreiber 310.70 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 310.70 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.95.599 - NVIDIA Corporation) Hidden
NVIDIA Optimus 1.11.3 (Version: 1.11.3 - NVIDIA Corporation) Hidden
NVIDIA PhysX-Systemsoftware 9.12.1031 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.12.1031 - NVIDIA Corporation)
NVIDIA Systemsteuerung 310.70 (Version: 310.70 - NVIDIA Corporation) Hidden
NVIDIA Update 1.11.3 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.11.3 - NVIDIA Corporation)
NVIDIA Update Components (Version: 1.11.3 - NVIDIA Corporation) Hidden
Paint.NET v3.5.10 (HKLM\...\{529125EF-E3AC-4B74-97E6-F688A7C0F1C0}) (Version: 3.60.0 - dotPDN LLC)
PDF-XChange Viewer (HKLM\...\{9ED333F8-3E6C-4A38-BAFA-728454121CDA}) (Version: 2.5.201.0 - Tracker Software Products Ltd.)
Qt SDK (HKCU\...\Qt SDK) (Version: 1.1.0 - Nokia)
RtLED (HKLM\...\{ACB6F4ED-835B-44EC-9EFD-AC8C83D28597}) (Version: 1.0.3 - Realtek Semiconductor Corp.)
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.29.0 - SAMSUNG Electronics Co., Ltd.)
SRS Premium Sound Control Panel (HKLM\...\{2998191E-A35E-47E2-BE38-7702C731D722}) (Version: 1.10.18.0 - SRS Labs, Inc.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.2.7.0 - Synaptics Incorporated)
Unity Web Player (HKCU\...\UnityWebPlayer) (Version:  - Unity Technologies ApS)
Visual Studio 2010 Prerequisites - English (HKLM\...\{53952792-BF16-300E-ADF2-E7E4367E00CF}) (Version: 10.0.30319 - Microsoft Corporation)
Windows Live ID Sign-in Assistant (Version: 7.250.4311.0 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Mobile-Gerätecenter (HKLM\...\{626672CD-BFCF-49A9-AEFE-AB0FED3BFC5B}) (Version: 6.1.6965.0 - Microsoft Corporation)
Windows XP Mode (HKLM\...\{1374CC63-B520-4f3f-98E8-E9020BF01CFF}) (Version: 1.3.7600.16422 - Microsoft Corporation)
Windows-Treiberpaket - Lenovo (ACPIVPC) System  (12/02/2010 6.1.0.1) (HKLM\...\EA12B1FB53CE4E387C31A85236C41EF559B5E392) (Version: 12/02/2010 6.1.0.1 - Lenovo)

==================== Restore Points  =========================

07-03-2014 16:25:10 Windows Update
13-03-2014 18:29:03 Windows Update
13-03-2014 19:22:19 Windows Update
18-03-2014 17:54:07 Windows Update
19-03-2014 19:09:17 Windows Update
25-03-2014 20:21:53 Windows Update
29-03-2014 07:24:17 Windows Update
30-03-2014 18:28:35 Uniblue SpeedUpMyPC installation
01-04-2014 17:41:44 Windows Update

==================== Hosts content: ==========================

2009-07-14 04:34 - 2014-04-01 21:30 - 00000027 ____A C:\windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {027DE212-78DF-419C-BBB0-A8011EF6126C} - System32\Tasks\{2EC29CBC-6BF6-4DAB-B196-0F3DC13F8611} => Chrome.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {085C6B0A-39DF-46F5-B8B0-D0BCA1221515} - System32\Tasks\{02F952C3-486C-4705-98C0-839045115604} => Chrome.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {09C9EA20-31DE-49E4-A5CE-17D1108F5ABF} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-03-12] (Adobe Systems Incorporated)
Task: {0C5D9971-32AC-445F-A94A-49B7BF502FD8} - System32\Tasks\{9C5B7DA3-3B20-44B6-BFB9-0908AB41E073} => C:\Users\Michael\downloads\monkey\MONKEY.EXE
Task: {0EBA804B-38DC-44A7-8B60-6724A5D0AEBD} - System32\Tasks\{2CB742D6-71EE-4DB4-85D6-CD9A8D48E1E7} => Chrome.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {12BEA7C0-2A85-45A5-95E2-BBA68BD4160F} - System32\Tasks\{CC854B5C-E57D-4603-930D-15986D8C59E8} => Chrome.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {163DA8CF-7210-4B62-B974-9E6A168F95CB} - \1d58acf1-29e5-4c8e-a536-e04dd320ab01-5 No Task File
Task: {17DA8EB2-D59F-4774-AE8F-F77F0DE4389F} - System32\Tasks\{6E09A6C9-599B-4004-A295-DB859DE2D322} => Chrome.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {1E2AA691-7B76-4EA0-AFE9-5C887AA5735F} - System32\Tasks\{ADA08FC2-156F-4A25-8708-20BDDD0AC811} => Chrome.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {1E488DE3-824D-44B3-9507-E68C9484CA6E} - System32\Tasks\{3E0BB13D-EE90-4627-86D6-76E14875E984} => Chrome.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {22496753-D227-4CD0-852E-CDD5489AD798} - \9b0b99bf-8395-4071-85ce-258ecccd2e05-4 No Task File
Task: {22644F01-72E1-4AC1-946C-69901EE637A2} - System32\Tasks\{B8816912-62C7-42E2-8EC6-46A5E7195339} => Chrome.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {2AB0D38E-89CD-47E7-A0CD-4672A120A4BB} - System32\Tasks\{083C9B77-E395-43A5-B87B-8DACB656C121} => C:\Users\Michael\downloads\monkey\MONKEY.EXE
Task: {2ECE821B-A375-4E88-882F-1C323FCAF53E} - \9b0b99bf-8395-4071-85ce-258ecccd2e05-3 No Task File
Task: {30F9A419-277D-45B7-A465-910FBA884D4F} - System32\Tasks\{CE70EDD5-9F97-4D02-8B1C-BFEEC5D76F66} => Chrome.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {3345DC22-2464-4E4D-AAB3-C1968FEFA878} - System32\Tasks\{365C5390-A94F-4181-8232-25FCC64F1BF0} => Chrome.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {33E0F179-642F-4DA1-BA2F-A5C2E93186EF} - System32\Tasks\{DD96B263-04DB-4017-9CF9-FB07ADCF1936} => Chrome.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {3850EB6A-100F-4EB9-8925-214F8CE84439} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-977804215-3240316584-965802034-1002UA => C:\Users\Michael\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-02] (Google Inc.)
Task: {385A9318-770A-419E-A6FC-DA1E4866581E} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-08-21] (Google Inc.)
Task: {3B96AF33-29AC-4B34-A20F-6728BC52EFDD} - System32\Tasks\{CF860EF3-7022-427A-9550-0826756DC428} => Chrome.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {3E1555E2-FC0E-464D-BB30-D4878723D92F} - System32\Tasks\{50B8AF97-9E6E-4379-8D0B-B3F494A747E8} => Chrome.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {3F675FF6-C560-403C-B5F9-47EF4B9BC380} - System32\Tasks\{05FACEED-B558-4C04-8186-C424FDFCCD90} => Chrome.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {40C5CB5F-DF98-4ED4-BB35-EEB40815E67B} - System32\Tasks\{5928C935-54DC-49B1-BC4F-E24F5912AD10} => Chrome.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {4109F478-6E1F-486A-AF0E-48EDEA1E1198} - System32\Tasks\{8B12A6E6-B74B-48EE-98AA-28A7CD003FF6} => Chrome.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {433B7ECD-F83F-4740-A52C-5F48BB4CE070} - System32\Tasks\{261D8136-4A68-42D7-9325-36DEE5BAFEAA} => Chrome.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {43F635F6-52FA-43EA-8327-BA50F2C8458E} - System32\Tasks\{2A9E80F6-57DD-41AD-B4D3-D59F3F22E7B6} => Chrome.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {47088C59-7BEF-4F8E-8F78-C6D896FD8227} - System32\Tasks\{16CC5F48-89B1-49F9-ACF1-EEBAEBEAD292} => Chrome.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {47AD37C9-60EC-4D03-8BD4-492F160EE257} - System32\Tasks\{345C3B38-75E1-4AD7-AF1F-24587B566103} => Chrome.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {4D8118A6-5D8D-49D5-BEA5-950F572A2CDB} - System32\Tasks\{D07D25AC-359C-41F7-BC83-B179AD75CACF} => Chrome.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {513BF8B1-CB8C-4188-85B0-761DE0E852B8} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {51A7081C-1EBA-4CB0-82A5-7566041A4861} - System32\Tasks\{2918A599-170C-4A31-8416-51DC809DE0F8} => Chrome.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {5890B8CC-7FF2-48B3-820F-5A83C2B86E26} - System32\Tasks\{EEC8DA8D-81FE-4ACD-AB43-904662C00487} => Chrome.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {589D3C39-7C99-4AE3-A856-77F075FAEB6A} - System32\Tasks\{7794BF1A-1941-456B-B31A-97ECE32D9920} => Chrome.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {5A882266-83EB-4D91-B22F-53084D77FFA2} - System32\Tasks\{9F4762B2-F0E0-4AAB-94E7-A41B4B581075} => Chrome.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {62A486A3-614E-4B77-B94A-90A5BBED7C24} - System32\Tasks\{D561436D-D4EB-4565-97C9-B3B8B4671123} => Chrome.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {6A474658-5C4B-45A8-A3D1-222CF8CB61AA} - System32\Tasks\{4DC70DB7-C96B-41FE-8A72-4A2DD48BF156} => Chrome.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {6CE739ED-7A5B-40A5-8A9C-76058970CB59} - System32\Tasks\{6289CE22-D69E-4A11-A8CB-8C4D8EC3094D} => Chrome.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {6D324AAB-5EEA-47D9-98DC-3FA5F250DC49} - \9b0b99bf-8395-4071-85ce-258ecccd2e05-2 No Task File
Task: {6E594D36-4115-4EDC-8FD1-A49591C4DEA3} - System32\Tasks\{23864F60-9E08-4EDA-BFA1-88EA50A8E0AA} => E:\SETUP95\INSTALL.EXE
Task: {6EC93B22-28AE-4448-959C-ED8CF0104C37} - \9b0b99bf-8395-4071-85ce-258ecccd2e05-5 No Task File
Task: {70D64781-79E4-4533-9333-D248C5BFDFDC} - \1d58acf1-29e5-4c8e-a536-e04dd320ab01-4 No Task File
Task: {768B7C19-52E8-4301-9FB6-D9F986A96692} - System32\Tasks\{F29E6849-64FF-47D8-ADD4-6DEF09EFEB45} => Chrome.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {78213231-DDF4-4B9C-B0BE-46ABF184D068} - System32\Tasks\{32C33AE0-6676-4E7E-924A-271ADC9BEE3B} => Chrome.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {7B4A9D40-F9C3-40D2-8229-FE0CFAF5197E} - System32\Tasks\{0E75D01D-A9E7-470F-9DF0-4F23A47A5C61} => Chrome.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {814CAF5E-2C53-46BE-99CD-2874509D3839} - System32\Tasks\{DC1FBECC-E461-4DBF-9AEB-C458703863BF} => Chrome.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {86020ACE-1656-4F2B-8D2E-80ECC69468CA} - System32\Tasks\{4DCAB60F-17B6-464C-AF7A-CA869BB67396} => C:\Users\Michael\downloads\monkey\MONKEY.EXE
Task: {86D80D46-D6DD-401C-BC7A-6DE1CC1083B8} - System32\Tasks\{0B8D2F00-1CAF-4FE7-A180-8F05DB66D171} => Chrome.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {87FB1667-B546-4317-9738-302E024A4AFF} - System32\Tasks\Microsoft_Hardware_Launch_IPoint_exe => c:\Program Files\Microsoft IntelliPoint\IPoint.exe [2011-08-01] (Microsoft Corporation)
Task: {8A7D5AB7-E5AE-4204-9071-50ECC7A16B18} - System32\Tasks\{CFCDB690-8862-4A48-AC9B-3925E775791A} => Chrome.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {8C2375E0-B07B-4D2C-8529-4CEB19E097B3} - System32\Tasks\{3F461170-CAD9-4828-B1B0-50E44DF59770} => Chrome.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {8C915C19-E99C-41BC-921E-955183E8617E} - \Re-markit Update No Task File
Task: {8DE60EFF-F44D-42BA-955E-C6EEB6CC3860} - System32\Tasks\{D826DB58-55A0-40B0-AF0C-FDBC60499CBF} => Chrome.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {8E00BDAC-BC8A-4041-85FD-38EFDBA27599} - System32\Tasks\SidebarExecute => C:\Program Files (x86)\Windows Sidebar\sidebar.exe [2010-11-21] (Microsoft Corporation)
Task: {98DE9927-73AC-4917-9AA5-5E2AA69CEA93} - \1d58acf1-29e5-4c8e-a536-e04dd320ab01-2 No Task File
Task: {9AF50743-90BC-4250-AF2E-D44DEDCAEEB6} - System32\Tasks\{FA0B9B81-71BD-49CD-8062-1D1E13B1F617} => Chrome.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {A09485C5-C4D6-4DF0-8113-F7646CA3F6FF} - System32\Tasks\{04C74048-245D-409F-9F2B-24E55C20183D} => Chrome.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {A13606CE-4DB3-42DA-A9A1-F6988D995DBD} - System32\Tasks\{F4290F20-A0B3-4EAB-925F-01101B7D2AA0} => Chrome.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {A5FB0249-3F39-45FA-A1E4-08B4B24CCFA0} - \Re-markit_wd No Task File
Task: {A7D1F906-0E6C-4A50-88A6-3AF298F6FE8C} - System32\Tasks\{621B481C-7476-4D49-A502-846925E54349} => Chrome.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {A8063565-0ED1-430A-9B4C-435C84CD18C5} - System32\Tasks\{35A3CB29-E5B7-40B1-8E8E-0898017F7EA4} => Chrome.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {AC9E11B5-462F-4EE9-B1E1-4A7905378EA3} - System32\Tasks\{3FF55E29-6378-4B58-9DDE-316BF15B8D0B} => Chrome.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {AE7645FE-1977-4B41-B946-8AA627127134} - \9b0b99bf-8395-4071-85ce-258ecccd2e05-1 No Task File
Task: {B263EFA2-F241-4C67-8730-25039832E41F} - \1d58acf1-29e5-4c8e-a536-e04dd320ab01-1 No Task File
Task: {BB274FA0-89DD-482B-BAED-2DDEE0677E37} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-977804215-3240316584-965802034-1002Core => C:\Users\Michael\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-02] (Google Inc.)
Task: {BE60C906-48B7-4948-A14A-A08BE2BB86A6} - System32\Tasks\{2B18EF07-08E0-4B48-A7FC-DB4ECA5C0FD1} => Chrome.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {BF7F06CC-03AE-4497-95DC-340F1D756975} - System32\Tasks\{B78EC505-D4E9-4B16-A2C4-C50282051440} => Chrome.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {C715271A-776F-4202-BDA7-B9B59327512F} - System32\Tasks\{624A2020-D27E-4315-B373-1026C0F9A8B5} => Chrome.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {CBAE47A0-59FE-4EE6-9F98-6F48017EDD03} - System32\Tasks\{BC03D182-E3A8-4AEC-AF1C-6F62730F49F7} => Chrome.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {D078384C-246A-40EA-800C-1D6BF4CAA26A} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-08-21] (Google Inc.)
Task: {D2DD3112-DC88-43F9-B253-683E71676C4F} - System32\Tasks\{BA5A78BA-590D-481E-BCE0-BEA37CFA9445} => Chrome.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {D37D603A-848D-4345-BAFB-BC30C82FE9CE} - System32\Tasks\{A066A5A9-B65F-466D-A75A-459ABFD34A91} => Chrome.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {D4404688-DF50-46E3-95DD-55A003E938D3} - System32\Tasks\{65FD8DD6-9F52-4195-A2D1-B2D0DB6C763C} => Chrome.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {D9ACB301-92C9-4ECF-87D5-CADA9AD942CA} - System32\Tasks\{871F524E-9EF9-407E-B282-9EE039ECD475} => Chrome.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {E0B1A1C5-E848-460E-BA06-7468076C6BA3} - System32\Tasks\{4998D91A-0CBA-4F8A-8215-113C4A7522A5} => Chrome.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {E0DBE796-930B-4CBF-AB8B-D2367881049A} - System32\Tasks\{8D681D87-93D8-444C-990B-24E0585E3897} => Chrome.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {E0FEED33-406C-4315-81A1-C3172396C90C} - System32\Tasks\{76D215CA-0CF9-4277-BFF3-9608A9ED3437} => Chrome.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {E5C16F39-9556-43CE-9F41-424B888F757C} - System32\Tasks\MirageAgent => C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe [2010-12-05] (CyberLink)
Task: {E78F3D91-7FF3-4604-83EB-954D3FD66DC9} - System32\Tasks\{D849D91D-086B-44C6-AD25-E06FAFE2C474} => Chrome.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {E96CC21A-242A-4A11-9F69-690C24360F3E} - \1d58acf1-29e5-4c8e-a536-e04dd320ab01-3 No Task File
Task: {F2ECFF1B-32C1-4670-BF5B-3667173E2FD7} - System32\Tasks\{F498274B-26F2-489E-89EC-44B1C4D9137E} => Chrome.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {F61FFE61-8280-48F4-B5C0-2CB0C8030116} - System32\Tasks\{2CA8888D-0954-4480-BBA0-57FE03A5DB53} => Chrome.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {F6F1D431-53E3-4CFE-BBCF-95309A29B652} - System32\Tasks\{EFC5E2D2-9E7C-4DFD-A3B9-5793AB16A873} => Chrome.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {F7660BA2-F001-4047-8660-322D8D9BB74A} - System32\Tasks\{51FF1306-00D4-4AB2-8C65-CE2D8CE48936} => Chrome.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {F8E12BE5-4ECE-407C-BA10-E55281C81BA0} - System32\Tasks\{C293F847-ECB9-44C7-ADCC-FE326572E3CC} => Chrome.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {FC66E3D4-63DE-44F0-B1FF-5557A8C7995C} - System32\Tasks\{D1D1DDF6-4F09-42A4-B563-C1AC306B90B3} => Chrome.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {FE4D0D73-A272-434E-AA38-015650EE1F97} - System32\Tasks\{99540BAD-093F-4D22-AFB2-6A6A12EA9A10} => Chrome.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-977804215-3240316584-965802034-1002Core.job => C:\Users\Michael\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-977804215-3240316584-965802034-1002UA.job => C:\Users\Michael\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2012-10-11 20:29 - 2012-12-01 07:49 - 00086888 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2011-10-19 10:31 - 2005-03-12 01:07 - 00087040 _____ () C:\windows\System32\pdfcmnnt.dll
2010-11-11 12:42 - 2010-11-11 12:42 - 00202144 _____ () C:\Program Files (x86)\Lenovo\Onekey Theater\ActiveDetect64.dll
2010-11-11 12:44 - 2010-11-11 12:44 - 00156576 _____ () C:\Program Files (x86)\Lenovo\Onekey Theater\WindowsApiHookDll64.dll
2011-08-21 01:34 - 2011-08-21 01:34 - 01502720 _____ () C:\windows\system32\IcnOvrly.dll
2011-09-30 16:50 - 2011-09-30 16:50 - 00075136 _____ () C:\windows\SysWOW64\PnkBstrA.exe
2009-04-29 20:07 - 2009-04-29 20:07 - 00140288 _____ () C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\VsEvntUI.dll
2008-12-20 05:20 - 2011-08-21 01:49 - 00054088 _____ () C:\Program Files (x86)\Lenovo\Energy Management\HookLib.dll
2008-12-20 05:20 - 2011-08-21 01:49 - 00054088 _____ () C:\Program Files (x86)\Lenovo\Energy Management\kbdhook.dll
2011-08-21 01:39 - 2011-08-21 01:39 - 00100256 _____ () C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeySupport.exe
2011-04-14 05:01 - 2011-03-25 11:28 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2011-11-15 08:44 - 2007-09-02 14:58 - 00495616 _____ () C:\Program Files (x86)\RocketDock\RocketDock.exe
2013-05-22 20:50 - 2013-05-22 20:50 - 00400704 _____ () C:\Users\Michael\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe
2013-02-13 04:37 - 2013-02-13 04:37 - 01263952 _____ () C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
2011-09-27 08:23 - 2011-09-27 08:23 - 00087912 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2011-09-27 08:22 - 2011-09-27 08:22 - 01242472 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2005-08-22 15:38 - 2005-08-22 15:38 - 03264512 _____ () C:\Program Files (x86)\McAfee\Common Framework\cryptocme2.dll
2009-01-16 16:00 - 2009-01-16 16:00 - 00057344 _____ () C:\Program Files (x86)\McAfee\Common Framework\boost_thread-vc71-mt-1_32.dll
2009-04-29 20:07 - 2009-04-29 20:07 - 00148816 _____ () C:\Program Files (x86)\McAfee\VirusScan Enterprise\VsEvntUI.dll
2010-11-11 12:38 - 2010-11-11 12:38 - 00161696 _____ () C:\Program Files (x86)\Lenovo\Onekey Theater\ActiveDetect32.dll
2010-11-11 12:39 - 2010-11-11 12:39 - 00133024 _____ () C:\Program Files (x86)\Lenovo\Onekey Theater\WindowsApiHookDll32.dll
2011-11-15 08:44 - 2007-09-02 14:57 - 00069632 _____ () C:\Program Files (x86)\RocketDock\RocketDock.dll
2013-02-13 04:38 - 2013-02-13 04:38 - 00100688 _____ () C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll
2014-03-15 21:47 - 2014-03-15 02:50 - 00051016 _____ () C:\Users\Michael\AppData\Local\Google\Chrome\Application\33.0.1750.154\chrome_elf.dll
2014-03-15 21:47 - 2014-03-15 02:50 - 00716616 _____ () C:\Users\Michael\AppData\Local\Google\Chrome\Application\33.0.1750.154\libglesv2.dll
2014-03-15 21:47 - 2014-03-15 02:50 - 00100168 _____ () C:\Users\Michael\AppData\Local\Google\Chrome\Application\33.0.1750.154\libegl.dll
2014-03-15 21:47 - 2014-03-15 02:50 - 04061000 _____ () C:\Users\Michael\AppData\Local\Google\Chrome\Application\33.0.1750.154\pdf.dll
2014-03-15 21:47 - 2014-03-15 02:50 - 00394568 _____ () C:\Users\Michael\AppData\Local\Google\Chrome\Application\33.0.1750.154\ppGoogleNaClPluginChrome.dll
2014-03-15 21:47 - 2014-03-15 02:50 - 01647432 _____ () C:\Users\Michael\AppData\Local\Google\Chrome\Application\33.0.1750.154\ffmpegsumo.dll
2011-07-18 23:07 - 2011-07-18 23:07 - 00014336 _____ () C:\Program Files (x86)\Notepad++\plugins\NppExport.dll
2011-09-21 22:46 - 2011-09-21 22:46 - 01673728 _____ () C:\Program Files (x86)\Notepad++\plugins\NppFTP.dll
2002-12-21 01:41 - 2002-12-21 01:41 - 01364823 _____ () C:\Program Files (x86)\Aspell\bin\aspell-15.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\McAfeeEngineService => ""="Service"

==================== Disabled items from MSCONFIG ==============

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Logitech Media Server-Taskleisten-Tool.lnk => C:\windows\pss\Logitech Media Server-Taskleisten-Tool.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Microtek Scanner Finder.lnk => C:\windows\pss\Microtek Scanner Finder.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^Michael^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk => C:\windows\pss\Dropbox.lnk.Startup
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: JunosPulse => C:\Program Files (x86)\Common Files\Juniper Networks\JamUI\Pulse.exe -tray
MSCONFIG\startupreg: Nikon Message Center 2 => C:\Program Files (x86)\Nikon\Nikon Message Center 2\NkMC2.exe -s
MSCONFIG\startupreg: PDFPrint => C:\Program Files (x86)\PDF24\pdf24.exe
MSCONFIG\startupreg: RemoteControl10 => "C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe"
MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: VeriFaceManager => C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe
MSCONFIG\startupreg: YouCam Mirage => "C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe"
MSCONFIG\startupreg: YouCam Tray => "C:\Program Files (x86)\Lenovo\YouCam\YouCam.exe" /s

==================== Faulty Device Manager Devices =============

Name: Broadcom Bluetooth 2.1 USB
Description: Broadcom Bluetooth 2.1 USB
Class Guid: {e0cbf06c-cd8b-4647-bb8a-263b43f0f974}
Manufacturer: Broadcom
Service: BTHUSB
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (04/03/2014 05:54:08 AM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (04/03/2014 03:22:22 AM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (04/03/2014 03:22:16 AM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (04/02/2014 10:31:48 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (04/02/2014 10:31:44 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (04/02/2014 10:25:16 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/02/2014 10:21:09 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (04/02/2014 10:21:09 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (04/02/2014 10:21:09 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (04/02/2014 10:21:03 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.


System errors:
=============
Error: (04/02/2014 10:26:56 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1069

Error: (04/02/2014 10:26:56 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: 
%%1330

Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC).

Error: (04/02/2014 10:24:13 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "ASPI32" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (04/02/2014 09:25:57 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1069

Error: (04/02/2014 09:25:57 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: 
%%1330

Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC).

Error: (04/02/2014 09:23:10 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "ASPI32" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (04/02/2014 09:20:24 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1069

Error: (04/02/2014 09:20:24 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: 
%%1330

Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC).

Error: (04/02/2014 09:17:22 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "ASPI32" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2


Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
  Date: 2014-04-01 20:12:25.060
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2014-04-01 20:12:24.978
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2012-10-12 23:22:32.993
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Lenovo\Energy Management\BatteryTestDLL.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2012-10-12 23:22:32.973
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Lenovo\Onekey Theater\ActiveDetect64.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2012-10-12 23:22:32.943
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Lenovo\Energy Management\BatteryTestDLL.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2012-10-12 20:44:24.277
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Lenovo\Onekey Theater\ActiveDetect64.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2011-12-29 22:27:54.820
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Lenovo\Energy Management\BatteryTestDLL.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2011-12-29 22:27:54.810
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Lenovo\Onekey Theater\ActiveDetect64.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2011-12-29 22:27:54.796
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Lenovo\Energy Management\BatteryTestDLL.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2011-12-29 22:16:08.217
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Lenovo\Onekey Theater\ActiveDetect64.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.


==================== Memory info =========================== 

Percentage of memory in use: 31%
Total physical RAM: 8106.17 MB
Available physical RAM: 5560.71 MB
Total Pagefile: 16210.52 MB
Available Pagefile: 13610.99 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:654.69 GB) (Free:451.08 GB) NTFS
Drive d: (LENOVO) (Fixed) (Total:29 GB) (Free:0.02 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 699 GB) (Disk ID: DE6C27C7)

Partition: GPT Partition Type.

==================== End Of Log ============================

royc · 03.04.2014, 05:00

Gruß,
Roy

sunjojo · 03.04.2014, 17:31

Ok, wenn du jetzt keine Probleme mehr hast, sind wir fertig

.

Schritt 1
Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:

ATTFilter

Task: {163DA8CF-7210-4B62-B974-9E6A168F95CB} - \1d58acf1-29e5-4c8e-a536-e04dd320ab01-5 No Task File
Task: {22496753-D227-4CD0-852E-CDD5489AD798} - \9b0b99bf-8395-4071-85ce-258ecccd2e05-4 No Task File
Task: {2ECE821B-A375-4E88-882F-1C323FCAF53E} - \9b0b99bf-8395-4071-85ce-258ecccd2e05-3 No Task File
Task: {6D324AAB-5EEA-47D9-98DC-3FA5F250DC49} - \9b0b99bf-8395-4071-85ce-258ecccd2e05-2 No Task File
Task: {6EC93B22-28AE-4448-959C-ED8CF0104C37} - \9b0b99bf-8395-4071-85ce-258ecccd2e05-5 No Task File
Task: {70D64781-79E4-4533-9333-D248C5BFDFDC} - \1d58acf1-29e5-4c8e-a536-e04dd320ab01-4 No Task File
Task: {8C915C19-E99C-41BC-921E-955183E8617E} - \Re-markit Update No Task File
Task: {98DE9927-73AC-4917-9AA5-5E2AA69CEA93} - \1d58acf1-29e5-4c8e-a536-e04dd320ab01-2 No Task File
Task: {A5FB0249-3F39-45FA-A1E4-08B4B24CCFA0} - \Re-markit_wd No Task File
Task: {AE7645FE-1977-4B41-B946-8AA627127134} - \9b0b99bf-8395-4071-85ce-258ecccd2e05-1 No Task File
Task: {B263EFA2-F241-4C67-8730-25039832E41F} - \1d58acf1-29e5-4c8e-a536-e04dd320ab01-1 No Task File
Task: {E96CC21A-242A-4A11-9F69-690C24360F3E} - \1d58acf1-29e5-4c8e-a536-e04dd320ab01-3 No Task File

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).

Starte nun FRST erneut und klicke den Entfernen Button.
Das Tool erstellt eine Fixlog.txt.
Poste mir deren Inhalt.

Updates
Java Version 7 Update 51
Dein Java ist nicht mehr aktuell. Älter Versionen enthalten Sicherheitslücken, die von Malware missbraucht werden können.

Downloade dir bitte die neueste Java-Version von hier
Speichere die jxpiinstall.exe
Schließe alle laufenden Programme. Speziell deinen Browser.
Starte die jxpiinstall.exe. Diese wird den Installer für die neueste Java Version ( Java 7 Update 51 ) herunter laden.
Entferne den Haken bei "Installieren Sie die Ask-Toolbar ..." während der Installation.
Wenn die Installation beendet wurde
Start --> Systemsteuerung --> Programme und deinstalliere alle älteren Java Versionen.
Starte deinen Rechner neu sobald alle älteren Versionen deinstalliert wurden.

Nach dem Neustart

Öffne erneut die Systemsteuerung --> Programme und klicke auf das Java Symbol.
Im Reiter Allgemein, klicke unter Temporäre Internetdateien auf Einstellungen.
Klicke auf Dateien löschen....
Gehe sicher das überall ein Haken gesetzt ist und klicke OK.
Klicke erneut OK.

Cleanup
Falls du Malwarebytes Anti-Malware und den ESET Online Scanner nicht mehr behalten möchtest, kannst du diese über die Systemsteuerung deinstallieren. Ich empfehle dir, mindestens ein Programm zu behalten (näheres in den Tipps).

Windows XP: Start --> Systemsteuerung --> Kategorieansicht auswählen (falls nicht voreingestellt) --> Software
Windows Vista/7: Start --> Systemsteuerung --> Anzeige (oben-rechts) auf Kategorie stellen (falls nicht voreingestellt) --> Programme deinstallieren (Unterpunkt von Programme)
Windows 8: Suchen --> "Systemsteuerung" in das Suchfeld eingeben --> Systemsteuerung auswählen --> Programme deinstallieren (Unterpunkt von Programme)

Die Reihenfolge ist hier entscheidend.

Falls Defogger benutzt wurde: Defogger nochmal starten und auf re-enable klicken.
Falls Combofix benutzt wurde: (Alternativ in uninstall.exe umbenennen und starten)
- Windowstaste + R > Combofix /Uninstall (eingeben) > OK
- Alternative: Combofix.exe in uninstall.exe umbenennen und starten
- Combofix wird jetzt starten, sich evtl updaten und dann alle Reste von sich selbst entfernen.
Downloade Dir bitte auf jeden Fall DelFix auf deinen Desktop:
- Schließe alle offenen Programme.
- Starte die delfix.exe mit einem Doppelklick.
- Setze vor jede Funktion ein Häkchen.
- Klicke auf Start.
- Hinweis: DelFix entfernt u. a. alle verwendeten Programme, die Quarantäne unserer Scanner, den Java-Cache und löscht sich abschließend selbst.
- Starte deinen Rechner abschließend neu.
Sollten jetzt noch Programme aus unserer Bereinigung übrig sein kannst du sie bedenkenlos löschen.

In deinen Logfiles sehe ich im Moment keine schädlichen Einträge mehr, du bist in meinen Augen Clean. Für die Zukunft habe ich dir Tipps aufgeschrieben, damit du uns in nächster Zeit nicht mehr brauchst

.

Tipps - Frequently Asked Questions (FAQ)/Häufig gestellte Fragen

Welcher Antivirenscanner ist der Beste?

Die Antwort auf die Frage ist im Grunde einfach: keiner. Es gibt keinen Antivirenscanner, der immer alle Schädlinge sofort erkennt und dich 100%ig schützt. Alles vom Menschen geschaffene ist fehlerhaft und es ist ratsam, sich nur begrenzt darauf zu verlassen. Das heißt nicht, dass die Verwendung eines Antivirenprogramms keinen Sinn macht, aber es sollte als zusätzliche Hilfe angesehen werden. Die Hauptverantwortung liegt bei dir und deinem Verhalten im Internet selbst.

Benutze nur einen Antivirenscanner/Hintergrundwächter, niemals zwei oder mehrere. Diese könnten sich gegenseitig blockieren und dir mehr schaden, als helfen. Es ist nicht unbedingt nötig, sich kostenpflichtige Antivirenprogramme für viel Geld zu kaufen. Achte darauf, dass immer die neuesten Updates heruntergeladen werden. Ein veralteter Antivirenscanner ist nutzlos!
- Ein gutes und kostenloses Antivirenprogramm ist avast! Free Antivirus.
- Wenn du bereit bist, dafür Geld auszugeben, empfehle ich dir Emsisoft Anti-Malware.

Außerdem kannst du dein Betriebssystem mit On-Demand Sannern überprüfen. Solche Scanner laufen nicht permanent im Hintergrund, sondern scannen nur "auf Knopfdruck" dein System. Damit holst du dir eine zweite Meinung ein. Gute On-Demand Scanner, die auch wir zur Kontrolle benutzen, sind Malwarebytes Anti Malware und der ESET Online Scanner.
- Malwarebytes Anti-Malware (Anleitung zur Verwendung) ist eines der besten und zuverlässigsten Programme in der Malwareentfernung. Scanne dein System einmal pro Woche oder einmal in zwei Wochen.
- Der ESET Online Scanner (Anleitnung zur Verwendung) ist kostenlos und scannt dein System und deine Dateien sehr gründlich. Deswegen kann der Scan bei vielen Dateien mehrere Stunden dauern. Scanne dein System nach deinem eigenem Ermessen. Falls schädliche Dateien gefunden werden, handle nicht eigenmächtig!

Aber Updates muss ich immer installieren, oder?

Die Aktualität von Software ist sehr wichtig und unbedingt notwendig. Veraltete Programme stellen Schwachstellen dar, die sich Angreifer gerne zur Nutze machen. Daher ist es wichtig, immer die neueste Version der jeweiligen Software installiert zu haben. Dies fängt beim Betriebssystem an. Du solltest das neueste Service Pack installiert und automatische Updates eingeschaltet haben.
Windows XP: Start --> Systemsteuerung --> Doppelklick auf Automatische Updates
Windows Vista / 7: Start --> Systemsteuerung --> System und Sicherheit --> Automatische Updates aktivieren oder deaktivieren
Windows 8: Suchen --> "Systemsteuerung" in das Suchfeld eingeben --> Systemsteuerung auswählen --> System und Sicherheit --> Automatische Updates aktivieren oder deaktivieren

Häufig werden Sicherheitslücken von älteren Java Versionen, dem Flash-Player und PDF-Reader ausgenutzt. Du kannst hier überprüfen, ob diese häufig missbrauchte Software aktuell ist: PluginCheck

Außerdem empfehle ich dir den http://www.trojaner-board.de/83959-s...tml#post510373. Dieser überprüft, ob du veraltete Software auf deinem Rechner verwendest und kann sie in manchen Fällen automatisch updaten.

Ok, muss ich auf etwas achten, wenn ich im Internet surfe?

Mit dem richtigen Verhalten im Internet fängt der Schutz vor Infektionen an. Es gibt inzwischen viele virtuelle Betrugsversuche oder Tricks zum Täuschen, sowie im echten Leben. Um sich dort zu schützen, hast du bestimmte Angewohnheiten. Diese können auf das Surfverhalten übertragen werden. Zur Verdeutlichung stelle ich dir einen kleinen Vergleich zum Leben her:

Verhalten im Leben	Verhalten im Internet
Du überprüfst vorher die Läden, in denen du einkaufst.	Klicke nicht auf alle Seiten/Werbungen/PopUps, weil diese bunt sind oder tolle Preise versprechen.
Du achtest auf die Qualität, wenn du Produkte kaufst.	Lade dir Programme nur von original Herstellerseiten herunter und nicht von Softonic oder ähnlichem. Diese birgen häufig die Gefahr, sich zusätzlich Adware herunterzuladen.
Du öffnest keine Briefe oder Pakete ohne zu gucken, von wem diese sind.	Öffne nur Anhänge von Emails, wenn der Absender bekannt ist. Überprüfe, ob zum Beispiel eine Rechnung im Anhang wirklich von der Firma versendet wurde. Häufig werden gefälschte Emails mit schädlichem Anhang verschickt!

Handle mit Bedacht und überlege zuerst, bevor du etwas anklickst, herunterlädst oder öffnest!

Vermeide das Besuchen von pornographischen, Pokerspiel oder weiteren dubiosen Webseiten. Diese birgen ein besonders großes Infektionsrisiko.

Welche Programme sollte ich nicht verwenden?

Wenn du neue Software installierst, besteht häufig die Auswahl, eine weitere Toolbar (oder ähnliches) zu installieren. Entferne generell den Haken bei optionalen Zusatzprogrammen. Diese verlangsamen in der Regel deinen Browser und können ein erhöhtes Infektionsrisiko bedeuten.

Registry Cleaner versprechen meist einen großen Performancegewinn, wenn verwaiste Einträge in der Regsitry entfernt werden. Dieser angebliche Gewinn ist kaum bis gar nicht bemerkbar. Außerdem wird häufig verschwiegen, dass falsche Änderungen der Registry zu schwerwiegenden Folgen führen können. Deswegen sollte so wenig wie möglich an der Registry verändert werden. Zerstörst du die Registry, zerstörst du Windows!

Filesharing oder Peer-to-Peer Programme ermöglichen es, Dateien mit anderen Nutzern auszutauschen. Es ist möglich, dass du dir eine infizierte Datei herunterlädst (auch versteckt in angeblich legalen Versionen von bekannten Programmen). Du kannst niemals wissen, woher diese stammen. Daher sollte diese Art von Software mit äußerster Vorsicht oder gar nicht benutzt werden.
- Lade dir vor allem keine Cracks (illegale Versione einer Software) herunter. Das ist rechtlich nicht erlaubt und du kannst dafür bestraft werden. Außerdem ist bei solcher Software das Infektionsrisiko am höchsten, da Cracks sehr häufig versteckte Malware enthalten.

Gibt es noch weitere Tipps, um mich zu schützen?

Achte auf die Endung von Dateien, die dir zugesendet wurden. Häufig versuchen Malwareschreiber mit Tricks wie Rechnung.pdf.exe dich zu täuschen. Wenn die Dateiendung ausgeblendet wird, bleibt Rechnung.pdf übrig, was den Anschein einer normalen PDF-Datei macht. Lass dir daher bekannte Dateiendung anzeigen (Anleitung: http://www.trojaner-board.de/59624-a...-sichtbar.html)

Surfe mit einem Konto mit eingeschränkten Rechten. Durch Administratorrechte kann Malware ohne Probleme zahlreiche Änderungen am System vornehmen, zum Beispiel Sicherheitseinstellungen verändern oder auf Systemdateien zugreifen.
Verwende nicht immer das gleiche Passwort. Falls dein Passwort durch entsprechende Malware herausgefunden wird, könnte auf alle Konten von dir zugegriffen werden.

Lege in regelmäßigen Abständen Backups (Was sind Backups?) von deinem System an. Dadurch ist ein Datenverlust durch Malware oder Hardwareschäden verkraftbar und es ist vergleichsweise einfach, den Rechner auf den Stand des letzten Backups zu bringen. Damit du deine Daten nicht manuell sichern musst, gibt es Backup-Programme wie Paragon Backup & Recovery.

Deaktiviere das Autorun-Feature von Windows. Dies ermöglicht, dass zum Beispiel CDs, DVDs oder Programme auf USB-Sticks alleine starten. Häufig nutzen Malwareschreiber genau diese Funktion aus. In solchen Fällen befindet sich Malware auf dem USB-Stick und wird automatisch beim Anschließen an den Computer ausgeführt. Um das zu verhinden, deaktiviere die Autorun-Funktion: http://www.trojaner-board.de/83238-a...sschalten.html.

Wenn du die Arbeit des Trojaner-Boards unterstützen möchtest, kannst du gerne spenden

.

Ich wünsche dir eine schöne und malwarefreie Zeit

.

sunjojo · 07.04.2014, 19:50

Hallo royc,

schön, dass wir dir helfen konnten

.

Dieses Thema scheint erledigt und wird aus meinen Abos gelöscht, damit erhalte ich keine Benachrichtungen über neue Antworten in diesem Thread. Solltest Du das Thema erneut brauchen, schicke mir bitte eine private Nachricht.

Jeder Andere bitte hier klicken und einen eigenen Thread erstellen.

royc · 08.04.2014, 19:22

Hey Jonas,

vielen Dank nochmal für deine großartige Unterstützung. Es funktioniert wieder alles ohne Probleme.

Gruß,
Roy

[Google Chrome] Ständige Popups (Spyware, FreeScan) und Verlinkungen in allen Textpassagen

Plagegeister aller Art und deren Bekämpfung: [Google Chrome] Ständige Popups (Spyware, FreeScan) und Verlinkungen in allen Textpassagen