
Pests of all kinds and how to combat them: Download Protect 2.20 cannot be removed

28.04.2014, 07:41   #1
MarshallMath
 



Hey Trojaner-Board team,

I noticed today that I have the software "Download Protect" installed as an add-on in my Chrome browser. However, I have no idea where I could have picked it up, since I normally always decline the "extras" in any installers.

So far I have only uninstalled the "program" with CCleaner, which didn't achieve much, though. I have also disabled the autostart entry with CCleaner. But of course I would like to have it removed completely.

What else can I do to delete the program?

I found the same problem here:

http://www.trojaner-board.de/151693-...entfernen.html

but wasn't sure whether I should follow exactly the same instructions!?

Kind regards

MarshallMathers

28.04.2014, 08:24   #2
schrauber
/// the machine
/// TB trainer
 




hi,

Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
  • Now start FRST.
  • Do not change any of the checkboxes unless asked to, and click Scan.
  • The log files will now be created and will then be located on your desktop.
  • Post the FRST.txt and, after the first scan, also the Addition.txt in your thread (click the # symbol in the website's input box)


28.04.2014, 08:40   #3
MarshallMath
 



FRST.txt:


FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 27-04-2014
Ran by Arne (administrator) on ARNE-LT on 28-04-2014 09:37:23
Running from C:\Users\Arne\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(AMD) C:\Windows\system32\atiesrxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(TomTom) C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
(Creative Island Media, LLC) C:\ProgramData\TubeDimmer\TubeDimmerService.exe
(Safer Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(AMD) C:\Windows\system32\atieclxx.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Atheros Communications) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Spotify Ltd) C:\Users\Arne\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Audible, Inc.) C:\Program Files (x86)\Audible\Bin\AudibleDownloadHelper.exe
(Dropbox, Inc.) C:\Users\Arne\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Geek Software GmbH) D:\Program Files (x86)\PDF24\pdf24.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
() C:\ProgramData\dlprotect.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMworker.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
() C:\Users\Arne\AppData\Local\Apps\2.0\X6KLWTQC.92T\71K9O604.LH1\dros..tion_0000000000000000_0001.0000_b7335b782fe9a0ac\Dros.exe
(Creative Island Media, LLC) C:\ProgramData\TubeDimmer\TubeDimmer.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12503184 2012-06-11] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1212560 2012-06-13] (Realtek Semiconductor)
HKLM\...\Run: [AtherosBtStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [615584 2011-01-20] (Atheros Communications)
HKLM\...\Run: [AthBtTray] => C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe [379552 2011-01-20] (Atheros Commnucations)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2280232 2010-07-29] (Synaptics Incorporated)
HKLM\...\Run: [Acer ePower Management] => C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [860040 2010-10-29] (Acer Incorporated)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [283160 2011-01-12] (Intel Corporation)
HKLM-x32\...\Run: [LManager] => C:\Program Files (x86)\Launch Manager\LManager.exe [1025616 2012-09-03] (Dritek System Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-12] (Apple Inc.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [336384 2011-06-13] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [689744 2014-03-05] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [PDFPrint] => D:\Program Files (x86)\PDF24\pdf24.exe [162856 2013-02-19] (Geek Software GmbH)
HKLM-x32\...\Run: [BrMfcWnd] => C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe [1163264 2012-09-25] ()
HKLM-x32\...\Run: [ControlCenter3] => C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe [114688 2008-12-24] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-02-21] (Apple Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3025636346-100433202-2293546944-1000\...\Run: [Spotify Web Helper] => C:\Users\Arne\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1171968 2014-03-05] (Spotify Ltd)
HKU\S-1-5-21-3025636346-100433202-2293546944-1000\...\Run: [Wunderlist] => C:\Users\Arne\AppData\Local\Apps\2.0\X6KLWTQC.92T\71K9O604.LH1\wund..tion_45ec1bcecca77a53_0002.0000_8bd0285384bbd56f\Wunderlist.exe [6880768 2013-02-05] (6 Wunderkinder GmbH)
HKU\S-1-5-21-3025636346-100433202-2293546944-1000\...\Run: [DAEMON Tools Lite] => D:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3675352 2013-10-28] (Disc Soft Ltd)
HKU\S-1-5-21-3025636346-100433202-2293546944-1000\...\Run: [Driver Operating Service] => C:\Users\Arne\AppData\Local\Apps\2.0\X6KLWTQC.92T\71K9O604.LH1\dros..tion_0000000000000000_0001.0000_b7335b782fe9a0ac\Driver Operating Service.appref-ms
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Audible Download Manager.lnk
ShortcutTarget: Audible Download Manager.lnk -> C:\Program Files (x86)\Audible\Bin\AudibleDownloadHelper.exe (Audible, Inc.)
Startup: C:\Users\Arne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Arne\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://search.certified-toolbar.com?si=43169&tid=3580&ver=3.2&ts=1369177136274&tguid=43169-3580-1369177136274-BCC9678E3DBE08AA96F7CD6EDEC727F5&st=chrome&q=
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:newtab
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x48ACA9D9C724CE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://search.certified-toolbar.com?si=43169&tid=3580&ver=3.2&ts=1369177136274&tguid=43169-3580-1369177136274-BCC9678E3DBE08AA96F7CD6EDEC727F5&st=chrome&q=
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://search.certified-toolbar.com?si=43169&tid=3580&ver=3.2&ts=1369177136274&tguid=43169-3580-1369177136274-BCC9678E3DBE08AA96F7CD6EDEC727F5&st=chrome&q=
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://search.certified-toolbar.com?si=43169&tid=3580&ver=3.2&ts=1369177136274&tguid=43169-3580-1369177136274-BCC9678E3DBE08AA96F7CD6EDEC727F5&st=chrome&q=
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:newtab
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://search.certified-toolbar.com?si=43169&tid=3580&ver=3.2&ts=1369177136274&tguid=43169-3580-1369177136274-BCC9678E3DBE08AA96F7CD6EDEC727F5&st=chrome&q=
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Bar = hxxp://search.certified-toolbar.com?si=43169&tid=3580&ver=3.2&ts=1369177136274&tguid=43169-3580-1369177136274-BCC9678E3DBE08AA96F7CD6EDEC727F5&st=chrome&q=
SearchScopes: HKLM-x32 - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://search.certified-toolbar.com?si=43169&st=bs&tid=3580&ver=3.2&ts=1369177136274&tguid=43169-3580-1369177136274-BCC9678E3DBE08AA96F7CD6EDEC727F5&q={searchTerms}
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://search.certified-toolbar.com?si=43169&st=bs&tid=3580&ver=3.2&ts=1369177136274&tguid=43169-3580-1369177136274-BCC9678E3DBE08AA96F7CD6EDEC727F5&q={searchTerms}
SearchScopes: HKLM-x32 - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = hxxp://search.certified-toolbar.com?si=43169&st=bs&tid=3580&ver=3.2&ts=1369177136274&tguid=43169-3580-1369177136274-BCC9678E3DBE08AA96F7CD6EDEC727F5&q={searchTerms}
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=vc_trans_8140&type=protegere
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=vc_trans_8140&type=protegere
SearchScopes: HKCU - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = hxxp://search.certified-toolbar.com?si=43169&st=bs&tid=3580&ver=3.2&ts=1369177136274&tguid=43169-3580-1369177136274-BCC9678E3DBE08AA96F7CD6EDEC727F5&q={searchTerms}
BHO: ExplorerBHO Class - {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: ExplorerBHO Class - {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: CIESpeechBHO Class - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
BHO-x32: HomeTab - {96edaac7-6183-4cb5-8823-b8b12d94f967} - C:\Users\Arne\AppData\Roaming\HomeTab\HomeTab.dll (Simplytech Ltd.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
Toolbar: HKLM-x32 - HomeTab - {96edaac7-6183-4cb5-8823-b8b12d94f967} - C:\Users\Arne\AppData\Roaming\HomeTab\HomeTab.dll (Simplytech Ltd.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.10.10

FireFox:
========
FF ProfilePath: C:\Users\Arne\AppData\Roaming\Mozilla\Firefox\Profiles\rhvx4y9h.default
FF user.js: detected! => C:\Users\Arne\AppData\Roaming\Mozilla\Firefox\Profiles\rhvx4y9h.default\user.js
FF SearchEngineOrder.1: Web Search
FF SelectedSearchEngine: Google
FF Homepage: about:home
FF Keyword.URL: hxxp://search.certified-toolbar.com?si=43169&tid=3580&ver=3.2&ts=1369177136274&tguid=43169-3580-1369177136274-BCC9678E3DBE08AA96F7CD6EDEC727F5&st=chrome&q=
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_152.dll ()
FF Plugin: @java.com/DTPlugin,version=10.21.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.21.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_152.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1202122.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.6 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF SearchPlugin: C:\Users\Arne\AppData\Roaming\Mozilla\Firefox\Profiles\rhvx4y9h.default\searchplugins\Web Search.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\Web Search.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: WebCake - C:\Users\Arne\AppData\Roaming\Mozilla\Firefox\Profiles\rhvx4y9h.default\Extensions\plugin@getwebcake.com [2013-05-26]
FF Extension: Protegere - C:\Users\Arne\AppData\Roaming\Mozilla\Firefox\Profiles\rhvx4y9h.default\Extensions\security@protegere.org [2014-04-28]
FF Extension: SparPilot - Gutscheine &amp; mehr... - C:\Users\Arne\AppData\Roaming\Mozilla\Firefox\Profiles\rhvx4y9h.default\Extensions\sparpilot@sparpilot.com [2014-04-28]
FF Extension: YouTube Unblocker - C:\Users\Arne\AppData\Roaming\Mozilla\Firefox\Profiles\rhvx4y9h.default\Extensions\youtubeunblocker@unblocker.yt [2013-12-02]
FF Extension: HomeTab - C:\Users\Arne\AppData\Roaming\Mozilla\Firefox\Profiles\rhvx4y9h.default\Extensions\{aa9cc3fa-a5e4-449b-aab5-1ebdbc7314ee} [2013-06-18]
FF Extension: ReminderFox - C:\Users\Arne\AppData\Roaming\Mozilla\Firefox\Profiles\rhvx4y9h.default\Extensions\{ada4b710-8346-4b82-8199-5de2b400a6ae} [2013-12-02]
FF Extension: Evernote Web Clipper - C:\Users\Arne\AppData\Roaming\Mozilla\Firefox\Profiles\rhvx4y9h.default\Extensions\{E0B8C461-F8FB-49b4-8373-FE32E9252800} [2014-04-28]
FF Extension: PinPhotoZoom - Eaisly zoom photos in Pinterest! - C:\Users\Arne\AppData\Roaming\Mozilla\Firefox\Profiles\rhvx4y9h.default\Extensions\{ebc3cfe3-606b-4470-98ae-4dd305d4c0b9} [2013-05-21]
FF Extension: InvisibleHand - C:\Users\Arne\AppData\Roaming\Mozilla\Firefox\Profiles\rhvx4y9h.default\Extensions\canitbecheaper@trafficbroker.co.uk.xpi [2012-10-08]
FF Extension: Ciuvo - C:\Users\Arne\AppData\Roaming\Mozilla\Firefox\Profiles\rhvx4y9h.default\Extensions\extension@ciuvo.com.xpi [2012-10-08]
FF Extension: leethax.net extension - C:\Users\Arne\AppData\Roaming\Mozilla\Firefox\Profiles\rhvx4y9h.default\Extensions\leethax@leethax.net.xpi [2013-01-28]
FF Extension: Clearly - C:\Users\Arne\AppData\Roaming\Mozilla\Firefox\Profiles\rhvx4y9h.default\Extensions\readable@evernote.com.xpi [2012-10-26]
FF Extension: NoScript - C:\Users\Arne\AppData\Roaming\Mozilla\Firefox\Profiles\rhvx4y9h.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2012-10-24]
FF Extension: Soundcloud SUPER +2: Downloader and Recommender - C:\Users\Arne\AppData\Roaming\Mozilla\Firefox\Profiles\rhvx4y9h.default\Extensions\{988da70d-b78d-44a1-a9c7-ed11832a9e2e}.xpi [2012-12-19]
FF Extension: FootieFox - C:\Users\Arne\AppData\Roaming\Mozilla\Firefox\Profiles\rhvx4y9h.default\Extensions\{9fb7d178-155a-4318-9173-1a8eaaea7fe4}.xpi [2012-10-08]
FF Extension: Adblock Plus - C:\Users\Arne\AppData\Roaming\Mozilla\Firefox\Profiles\rhvx4y9h.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012-10-08]
FF HKLM-x32\...\Firefox\Extensions: [{28B041F9-242D-4DE0-9A19-A82C542ACFB0}] - C:\Windows\Installer\{8BDECB8E-FA78-41E5-937D-05B6C9651112}\{28B041F9-242D-4DE0-9A19-A82C542ACFB0}.xpi
FF Extension: No Name - C:\Windows\Installer\{8BDECB8E-FA78-41E5-937D-05B6C9651112}\{28B041F9-242D-4DE0-9A19-A82C542ACFB0}.xpi [2014-04-28]
FF HKCU\...\Firefox\Extensions: [{b5ad6039-a173-4149-9dcf-d04371526253}] - C:\Program Files (x86)\Lyrics_Monkey\131.xpi

Chrome: 
=======
CHR HomePage: hxxp://search.babylon.com/?affID=110823&tt=300912_TORP_4012_6&babsrc=HP_ss&mntrId=ee022286000000000000e4d53d42a5e7
CHR RestoreOnStartup: "hxxp://www.google.com/ig/redirectdomain?brand=LENN&bmod=LENN", "hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=2912d6c9-cc4c-4f0c-9ff4-0903618a3c5a&searchtype=hp&fr=linkury-tb&installDate=11/05/2013&type=hp1000"
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.110\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.110\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.110\pdf.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll No File
CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll No File
CHR Plugin: (Java(TM) Platform SE 7 U21) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll No File
CHR Plugin: (VLC Web Plugin) - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Shockwave for Director) - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1202122.dll (Adobe Systems, Inc.)
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll No File
CHR Plugin: (Java Deployment Toolkit 7.0.210.11) - C:\Windows\SysWOW64\npDeployJava1.dll No File
CHR Extension: (Xmarks Bookmark Sync) - C:\Users\Arne\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajpgkpeckebdhofmmjfgcjjiiejpodla [2014-04-28]
CHR Extension: (Google Docs) - C:\Users\Arne\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-06-05]
CHR Extension: (Google Drive) - C:\Users\Arne\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-06-05]
CHR Extension: (Show the YouTube Channel bar or the name.) - C:\Users\Arne\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfbmjmiodbnnpllbbbfblcplfjjepjdn [2014-04-28]
CHR Extension: (YouTube) - C:\Users\Arne\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-06-05]
CHR Extension: (Adblock Plus) - C:\Users\Arne\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2013-06-05]
CHR Extension: (Ecosia - The search engine that plants trees) - C:\Users\Arne\AppData\Local\Google\Chrome\User Data\Default\Extensions\clellnciejhoedgepbdilbkdkaoecgpc [2014-04-28]
CHR Extension: (Hide My Ass! Web Proxy) - C:\Users\Arne\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmgnmcnlncejehjlnhaglpnoolgbflbd [2014-04-28]
CHR Extension: (Google-Suche) - C:\Users\Arne\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-06-05]
CHR Extension: (FeedSquares - Supercharge your Google Reader) - C:\Users\Arne\AppData\Local\Google\Chrome\User Data\Default\Extensions\ddkahgkblobiogkkeedfnjkldecloidi [2014-04-28]
CHR Extension: (HomeTab) - C:\Users\Arne\AppData\Local\Google\Chrome\User Data\Default\Extensions\djbdlklldbflagkkpaljamjfbpefcbpf [2013-06-05]
CHR Extension: (Clock for Google Chrome™) - C:\Users\Arne\AppData\Local\Google\Chrome\User Data\Default\Extensions\emakkfldeggiinnfcdjkakdfcppbfhdg [2014-04-28]
CHR Extension: (AdBlock) - C:\Users\Arne\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-04-28]
CHR Extension: (RSS Live Links) - C:\Users\Arne\AppData\Local\Google\Chrome\User Data\Default\Extensions\hcamnijgggppihioleoenjmlnakejdph [2014-04-28]
CHR Extension: (Evernote Snipping Tool ) - C:\Users\Arne\AppData\Local\Google\Chrome\User Data\Default\Extensions\hnmhpjbejpnnaffkpmebeagdiidibjfa [2013-11-12]
CHR Extension: (Clearly) - C:\Users\Arne\AppData\Local\Google\Chrome\User Data\Default\Extensions\iooicodkiihhpojmmeghjclgihfjdjhj [2013-06-05]
CHR Extension: (Evernote Web) - C:\Users\Arne\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbfehkoinhhcknnbdgnnmjhiladcgbol [2013-06-05]
CHR Extension: (PinPhotoZoom plugin for chrome) - C:\Users\Arne\AppData\Local\Google\Chrome\User Data\Default\Extensions\mbdamgnimlipjnpgiakiojcbbmcmiibn [2013-06-05]
CHR Extension: (Google Wallet) - C:\Users\Arne\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-04-28]
CHR Extension: (Download Protect) - C:\Users\Arne\AppData\Local\Google\Chrome\User Data\Default\Extensions\noknoogiiibmpoenlhpcllbmbncldhfa [2014-04-28]
CHR Extension: (Evernote Web Clipper) - C:\Users\Arne\AppData\Local\Google\Chrome\User Data\Default\Extensions\pioclpoplcdbaefihamjohnefbikjilc [2014-04-28]
CHR Extension: (Google Mail) - C:\Users\Arne\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-06-05]
CHR HKLM-x32\...\Chrome\Extension: [djbdlklldbflagkkpaljamjfbpefcbpf] - C:\Program Files (x86)\HomeTab\chrome\HomeTab.crx [2013-05-21]
CHR HKLM-x32\...\Chrome\Extension: [fjoijdanhaiflhibkljeklcghcmmfffh] - C:\Program Files (x86)\Betcat\WebCakeLayers.crx [2013-05-21]
CHR HKLM-x32\...\Chrome\Extension: [mbdamgnimlipjnpgiakiojcbbmcmiibn] - C:\Program Files (x86)\PinPhotoZoom\chrome\PinPhotoZoomChrome.crx [2013-05-21]
CHR HKLM-x32\...\Chrome\Extension: [ofnnlhbgdcabppjmlijllkhekcglbjlg] - C:\Program Files (x86)\Lyrics_Monkey\131.crx [2013-05-21]

==================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440400 2014-03-05] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440400 2014-03-05] (Avira Operations GmbH & Co. KG)
R2 SBSDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
R2 TubeDimmer; C:\ProgramData\TubeDimmer\TubeDimmer.exe [151416 2014-03-22] (Creative Island Media, LLC)

==================== Drivers (Whitelisted) ====================

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2013-12-17] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131576 2013-12-17] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-11-19] (Avira Operations GmbH & Co. KG)
R3 hpnuhst; C:\Windows\System32\DRIVERS\hpnuhst.sys [16384 2007-03-27] (Hewlett-Packard Development Company)
R3 HPNUHUB; C:\Windows\System32\DRIVERS\hpnuhub.sys [40448 2007-10-30] (Hewlett-Packard Development Company)
R3 L1C; C:\Windows\System32\DRIVERS\L1C60x64.sys [75888 2012-09-03] (Atheros Communications, Inc.)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [381440 2013-12-17] (Duplex Secure Ltd.)
U3 aqcksaof; C:\Windows\System32\Drivers\aqcksaof.sys [0 ] (Advanced Micro Devices)
S3 SANDRA; \??\D:\Program Files\SiSoftware\SiSoftware Sandra Lite 2014.RTM\WNt500x64\Sandra.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-04-28 09:37 - 2014-04-28 09:38 - 00029189 _____ () C:\Users\Arne\Desktop\FRST.txt
2014-04-28 09:37 - 2014-04-28 09:37 - 00000000 ____D () C:\FRST
2014-04-28 08:46 - 2014-04-28 08:46 - 02061824 _____ (Farbar) C:\Users\Arne\Desktop\FRST64.exe
2014-04-09 09:21 - 2014-01-24 04:37 - 01684928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2014-04-09 09:09 - 2014-03-04 11:44 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2014-04-09 09:09 - 2014-03-04 11:44 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2014-04-09 09:09 - 2014-03-04 11:44 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2014-04-09 09:09 - 2014-03-04 11:44 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2014-04-09 09:09 - 2014-03-04 11:44 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2014-04-09 09:09 - 2014-03-04 11:17 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2014-04-09 09:09 - 2014-03-04 11:16 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2014-04-09 09:09 - 2014-03-04 11:16 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2014-04-09 09:09 - 2014-03-04 11:16 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2014-04-09 09:09 - 2014-03-04 10:09 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2014-04-09 09:09 - 2014-03-04 10:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2014-04-09 09:07 - 2014-04-28 08:06 - 00000306 __RSH () C:\ProgramData\ntuser.pol
2014-04-04 17:36 - 2014-04-04 17:36 - 00002521 _____ () C:\Users\Public\Desktop\Freetec TubeBox.lnk
2014-04-04 17:36 - 2014-04-04 17:36 - 00000000 ____D () C:\Users\Arne\AppData\Roaming\dlg
2014-04-04 17:36 - 2014-04-04 17:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Freetec
2014-04-04 17:34 - 2014-04-28 08:49 - 00000000 ____D () C:\Users\Arne\AppData\Local\TubeDimmer
2014-04-04 17:33 - 2014-04-04 17:33 - 00126976 _____ () C:\Windows\system32\DlProtectSvc.exe
2014-04-04 17:33 - 2014-04-04 17:33 - 00118784 _____ () C:\Windows\system32\winipsfc.exe
2014-04-04 17:33 - 2014-04-04 17:33 - 00012800 _____ () C:\ProgramData\dlprotect.exe
2014-04-04 17:32 - 2014-04-04 17:33 - 00000000 ____D () C:\ProgramData\TubeDimmer
2014-04-04 17:32 - 2014-04-04 17:32 - 00000000 ____D () C:\Program Files (x86)\SparPilotAddon
2014-04-04 17:25 - 2014-04-04 17:25 - 00000000 ____D () C:\Users\Arne\AppData\Roaming\BupSystem
2014-04-04 17:24 - 2014-04-04 17:31 - 00000000 _____ () C:\END
2014-04-04 17:24 - 2014-04-04 17:27 - 00000000 ____D () C:\Users\Arne\AppData\Roaming\Security System 2
2014-04-04 17:24 - 2014-04-04 17:24 - 00000000 ____D () C:\Users\Arne\AppData\Local\SearchProtect
2014-04-04 17:24 - 2014-04-04 17:24 - 00000000 ____D () C:\Program Files (x86)\SearchProtect

==================== One Month Modified Files and Folders =======

2014-04-28 09:38 - 2014-04-28 09:37 - 00029189 _____ () C:\Users\Arne\Desktop\FRST.txt
2014-04-28 09:37 - 2014-04-28 09:37 - 00000000 ____D () C:\FRST
2014-04-28 08:49 - 2014-04-04 17:34 - 00000000 ____D () C:\Users\Arne\AppData\Local\TubeDimmer
2014-04-28 08:46 - 2014-04-28 08:46 - 02061824 _____ (Farbar) C:\Users\Arne\Desktop\FRST64.exe
2014-04-28 08:39 - 2013-11-08 19:56 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-04-28 08:26 - 2013-05-21 12:49 - 00000000 ____D () C:\Program Files (x86)\Protected Search
2014-04-28 08:12 - 2009-07-14 06:45 - 00015120 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-04-28 08:12 - 2009-07-14 06:45 - 00015120 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-04-28 08:10 - 2013-02-05 18:50 - 00000000 ____D () C:\Users\Arne\AppData\Local\Deployment
2014-04-28 08:10 - 2012-11-07 17:15 - 00000000 ____D () C:\Users\Arne\AppData\Roaming\Dropbox
2014-04-28 08:08 - 2012-09-04 09:01 - 00000000 ____D () C:\ProgramData\boost_interprocess
2014-04-28 08:06 - 2014-04-09 09:07 - 00000306 __RSH () C:\ProgramData\ntuser.pol
2014-04-28 08:02 - 2012-09-03 22:22 - 01412911 ____N () C:\Windows\WindowsUpdate.log
2014-04-28 08:00 - 2013-08-23 20:55 - 00000000 ____D () C:\Windows\system32\MRT
2014-04-28 07:56 - 2012-09-04 00:20 - 90655440 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-04-10 19:00 - 2013-06-05 10:38 - 00002178 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-04-10 09:43 - 2009-07-14 19:58 - 00699666 _____ () C:\Windows\system32\perfh007.dat
2014-04-10 09:43 - 2009-07-14 19:58 - 00149774 _____ () C:\Windows\system32\perfc007.dat
2014-04-10 09:43 - 2009-07-14 07:13 - 01620612 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-04-09 09:07 - 2009-07-14 05:20 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2014-04-06 12:49 - 2009-07-14 06:45 - 00311320 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-04-06 12:48 - 2012-09-04 09:16 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-04-06 12:48 - 2012-09-04 09:16 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-04-06 12:35 - 2012-09-04 09:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-04-04 17:36 - 2014-04-04 17:36 - 00002521 _____ () C:\Users\Public\Desktop\Freetec TubeBox.lnk
2014-04-04 17:36 - 2014-04-04 17:36 - 00000000 ____D () C:\Users\Arne\AppData\Roaming\dlg
2014-04-04 17:36 - 2014-04-04 17:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Freetec
2014-04-04 17:36 - 2012-10-10 17:02 - 00000000 ____D () C:\ProgramData\Package Cache
2014-04-04 17:33 - 2014-04-04 17:33 - 00126976 _____ () C:\Windows\system32\DlProtectSvc.exe
2014-04-04 17:33 - 2014-04-04 17:33 - 00118784 _____ () C:\Windows\system32\winipsfc.exe
2014-04-04 17:33 - 2014-04-04 17:33 - 00012800 _____ () C:\ProgramData\dlprotect.exe
2014-04-04 17:33 - 2014-04-04 17:32 - 00000000 ____D () C:\ProgramData\TubeDimmer
2014-04-04 17:32 - 2014-04-04 17:32 - 00000000 ____D () C:\Program Files (x86)\SparPilotAddon
2014-04-04 17:31 - 2014-04-04 17:24 - 00000000 _____ () C:\END
2014-04-04 17:27 - 2014-04-04 17:24 - 00000000 ____D () C:\Users\Arne\AppData\Roaming\Security System 2
2014-04-04 17:25 - 2014-04-04 17:25 - 00000000 ____D () C:\Users\Arne\AppData\Roaming\BupSystem
2014-04-04 17:24 - 2014-04-04 17:24 - 00000000 ____D () C:\Users\Arne\AppData\Local\SearchProtect
2014-04-04 17:24 - 2014-04-04 17:24 - 00000000 ____D () C:\Program Files (x86)\SearchProtect

Files to move or delete:
====================
C:\ProgramData\dlprotect.exe


Some content of TEMP:
====================
C:\Users\Arne\AppData\Local\Temp\avgnt.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-09-07 11:42

==================== End Of Log ============================
         
and the Addition.txt


Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 27-04-2014
Ran by Arne at 2014-04-28 09:38:19
Running from C:\Users\Arne\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

64 Bit HP CIO Components Installer (Version: 6.2.1 - Hewlett-Packard) Hidden
7-Zip 9.25 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0925-000001000000}) (Version: 9.25.00.0 - Igor Pavlov)
Acer ePower Management (HKLM-x32\...\{3DB0448D-AD82-4923-B305-D001E521A964}) (Version: 6.00.3000 - Acer Incorporated)
Adobe Flash Player 11 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 11.4.402.265 - Adobe Systems Incorporated)
Adobe Flash Player 11 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 11.9.900.152 - Adobe Systems Incorporated)
Adobe Reader X (10.1.4) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AA1000000001}) (Version: 10.1.4 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.2.122 - Adobe Systems, Inc.)
AMD APP SDK Runtime (Version: 10.0.1084.4 - Advanced Micro Devices Inc.) Hidden
Apple Application Support (HKLM-x32\...\{AAC5D43E-816D-4C2D-8E51-55FFF35BE301}) (Version: 3.0.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{787136D2-F0F8-4625-AA3F-72D7795AC842}) (Version: 7.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Audible Download Manager (HKLM-x32\...\AudibleDownloadManager) (Version: 6.6.0.15 - Audible, Inc.)
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.3.350 - Avira)
Bluetooth Win7 Suite (64) (HKLM\...\{230D1595-57DA-4933-8C4E-375797EBB7E1}) (Version: 7.2.0.56 - Atheros Communications)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Brother MFL-Pro Suite DCP-195C (HKLM-x32\...\{6BF66AED-3EA4-4106-B240-5CE96C9B76B0}) (Version: 2.0.0.0 - Brother Industries, Ltd.)
Browser Updater 1.1 (HKLM-x32\...\Browser Updater_is1) (Version:  - Browser Updater)
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - ATI) Hidden
Catalyst Control Center (x32 Version: 2011.0613.2238.38801 - Ihr Firmenname) Hidden
Catalyst Control Center Localization All (x32 Version: 2011.0613.2238.38801 - ATI) Hidden
Catalyst Control Center Profiles Mobile (x32 Version: 2011.0613.2238.38801 - ATI) Hidden
CCC Help Chinese Standard (x32 Version: 2011.0613.2237.38801 - ATI) Hidden
CCC Help Chinese Traditional (x32 Version: 2011.0613.2237.38801 - ATI) Hidden
CCC Help Czech (x32 Version: 2011.0613.2237.38801 - ATI) Hidden
CCC Help Danish (x32 Version: 2011.0613.2237.38801 - ATI) Hidden
CCC Help Dutch (x32 Version: 2011.0613.2237.38801 - ATI) Hidden
CCC Help English (x32 Version: 2011.0613.2237.38801 - ATI) Hidden
CCC Help Finnish (x32 Version: 2011.0613.2237.38801 - ATI) Hidden
CCC Help French (x32 Version: 2011.0613.2237.38801 - ATI) Hidden
CCC Help German (x32 Version: 2011.0613.2237.38801 - ATI) Hidden
CCC Help Greek (x32 Version: 2011.0613.2237.38801 - ATI) Hidden
CCC Help Hungarian (x32 Version: 2011.0613.2237.38801 - ATI) Hidden
CCC Help Italian (x32 Version: 2011.0613.2237.38801 - ATI) Hidden
CCC Help Japanese (x32 Version: 2011.0613.2237.38801 - ATI) Hidden
CCC Help Korean (x32 Version: 2011.0613.2237.38801 - ATI) Hidden
CCC Help Norwegian (x32 Version: 2011.0613.2237.38801 - ATI) Hidden
CCC Help Polish (x32 Version: 2011.0613.2237.38801 - ATI) Hidden
CCC Help Portuguese (x32 Version: 2011.0613.2237.38801 - ATI) Hidden
CCC Help Russian (x32 Version: 2011.0613.2237.38801 - ATI) Hidden
CCC Help Spanish (x32 Version: 2011.0613.2237.38801 - ATI) Hidden
CCC Help Swedish (x32 Version: 2011.0613.2237.38801 - ATI) Hidden
CCC Help Thai (x32 Version: 2011.0613.2237.38801 - ATI) Hidden
CCC Help Turkish (x32 Version: 2011.0613.2237.38801 - ATI) Hidden
ccc-utility64 (Version: 2011.0613.2238.38801 - ATI) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 3.22 - Piriform)
Cheat Engine 6.2 (HKLM-x32\...\Cheat Engine 6.2_is1) (Version:  - Dark Byte)
Classic Shell (HKLM\...\{DC45D291-769A-4608-A688-77E6DBC03498}) (Version: 3.6.1 - IvoSoft)
Counter-Strike: Global Offensive - SDK (HKLM-x32\...\Steam App 745) (Version:  - )
Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version:  - )
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.48.1.0347 - Disc Soft Ltd)
Driver Operating Service (HKCU\...\9b8aaf488bf6380a) (Version: 1.0.0.65 - Driver Operating Service)
Dropbox (HKCU\...\Dropbox) (Version: 2.4.11 - Dropbox, Inc.)
Entity Framework Designer für Visual Studio 2012 - DEU (HKLM-x32\...\{094D6E27-97CC-447E-8660-56F75CFC1E00}) (Version: 11.1.20702.00 - Microsoft Corporation)
Erforderliche Komponenten für SSDT  (HKLM-x32\...\{70D065C3-77E5-45E9-A75C-EEB2E84EA869}) (Version: 11.0.2100.60 - Microsoft Corporation)
FLV Player 2.0 (build 25) (HKLM-x32\...\FLV Player) (Version: 2.0 (build 25) - Martijn de Visser)
Free System Utilities (HKLM-x32\...\{77747265-2951-4028-9e2a-30908a5ea71e}) (Version: 1.1.0.80 - Covus Freemium GmbH)
Free SystemUtilities (x32 Version: 1.1.0.80 - Covus Freemium GmbH) Hidden
General Runtime Files for Allplan 2012-1 Release (x32 Version: 1.6.0.0 - Nemetschek Allplan GmbH) Hidden
General Runtime Files for Nemetschek Softlock 2006 (x32 Version: 1.3.0.0 - Nemetschek) Hidden
General Runtime Files for Nemetschek Softlock 2006 64 (Version: 1.2.0.0 - Nemetschek) Hidden
G-Force (HKLM-x32\...\G-Force) (Version: 5.1.4 - SoundSpectrum)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 34.0.1847.116 - Google Inc.)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.23.9 - Google Inc.) Hidden
HomeTab 3.5 (HKLM-x32\...\{c5eac06d-16a7-4836-866d-ebf3ecfdcdaa}_is1) (Version: 3.5 - HomeTab) <==== ATTENTION
iCloud (HKLM\...\{81E20D41-C277-4526-934D-F2380AF91B78}) (Version: 3.1.0.40 - Apple Inc.)
iFunbox (v2.1.2228.731), iFunbox DevTeam (HKLM-x32\...\iFunbox_is1) (Version: v2.1.2228.731 - )
IIS 8.0 Express (HKLM\...\{7BF61FA9-BDFB-4563-98AD-FCB0DA28CCC7}) (Version: 8.0.1557 - Microsoft Corporation)
IIS Express Application Compatibility Database for x64 (HKLM\...\{9f4f4a9b-eec5-4906-92fe-d1f43ccf5c8d}.sdb) (Version:  - )
IIS Express Application Compatibility Database for x86 (HKLM\...\{fdfba1f3-74ae-4255-9c10-a0f552b4610f}.sdb) (Version:  - )
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.1.2.1004 - Intel Corporation)
iTunes (HKLM\...\{B8BA155B-1E75-405F-9CB4-8A99615D09DC}) (Version: 11.1.5.5 - Apple Inc.)
Java 7 Update 21 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417021FF}) (Version: 7.0.210 - Oracle)
Java 7 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.510 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
JDownloader 0.9 (HKLM-x32\...\5513-1208-7298-9440) (Version: 0.9 - AppWork GmbH)
Launch Manager (HKLM-x32\...\LManager) (Version: 5.0.3 - Acer Inc.)
LibreOffice 3.6 (HKLM-x32\...\{C2F438B6-7010-453B-93EC-B2FC053AA97B}) (Version: 3.6.1.2 - The Document Foundation)
LibreOffice 3.6 Help Pack (German) (HKLM-x32\...\{9215BC0D-208F-4726-8EF9-1C5441A42C3A}) (Version: 3.6.1.2 - The Document Foundation)
Microsoft .NET Framework 4 Multi-Targeting Pack (x32 Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5 Multi-Targeting Pack (HKLM-x32\...\{5CBFF3F3-2D40-34EE-BCA5-A95BC19E400D}) (Version: 4.5.50709 - Microsoft Corporation)
Microsoft .NET Framework 4.5 SDK - DEU Lang Pack (HKLM-x32\...\{98B45D1C-6EB1-460D-A87D-2B60678DC105}) (Version: 4.5.50709 - Microsoft Corporation)
Microsoft .NET Framework 4.5 SDK (HKLM-x32\...\{1948E039-EC79-4591-951D-9867A8C14C90}) (Version: 4.5.50709 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (x32 Version: 12.0.6012.5000 - Microsoft Corporation) Hidden
Microsoft ASP.NET MVC 3 - DEU (HKLM-x32\...\{07AC2D83-E795-4AD5-970D-B9BD14A1E411}) (Version: 3.0.20105.0 - Microsoft Corporation)
Microsoft ASP.NET MVC 3 (HKLM-x32\...\{DCDEC776-BADD-48B9-8F9A-DFF513C3D7FA}) (Version: 3.0.20105.0 - Microsoft Corporation)
Microsoft ASP.NET Web Pages - DEU (HKLM-x32\...\{93EEC4E9-EEFE-4027-ACD3-6E8C1D085975}) (Version: 1.0.20105.0 - Microsoft Corporation)
Microsoft ASP.NET Web Pages (HKLM-x32\...\{631471BE-DEAB-454B-A9AC-CE3EB42C28B3}) (Version: 1.0.20105.0 - Microsoft Corporation)
Microsoft Help Viewer 1.0 (HKLM\...\Microsoft Help Viewer 1.0) (Version: 1.0.30319 - Microsoft Corporation)
Microsoft Help Viewer 1.0 (Version: 1.0.30319 - Microsoft Corporation) Hidden
Microsoft Help Viewer 1.0 Language Pack - DEU (HKLM\...\Microsoft Help Viewer 1.0 Language Pack - DEU) (Version: 1.0.30319 - Microsoft Corporation)
Microsoft Help Viewer 1.0 Language Pack - DEU (Version: 1.0.30319 - Microsoft Corporation) Hidden
Microsoft Help Viewer 2.0 (HKLM-x32\...\Microsoft Help Viewer 2.0) (Version: 2.0.50727 - Microsoft Corporation)
Microsoft Help Viewer 2.0 (x32 Version: 2.0.50727 - Microsoft Corporation) Hidden
Microsoft Help Viewer 2.0 Language Pack - DEU (HKLM-x32\...\Microsoft Help Viewer 2.0 Language Pack - DEU) (Version: 2.0.50727 - Microsoft Corporation)
Microsoft Help Viewer 2.0 Language Pack - DEU (x32 Version: 2.0.50727 - Microsoft Corporation) Hidden
Microsoft PowerPoint Viewer (HKLM-x32\...\{95140000-00AF-0407-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Report Viewer Redistributable 2008 (KB971119) (HKLM-x32\...\Microsoft Report Viewer Redistributable 2008 (KB971119)) (Version:  - Microsoft Corporation)
Microsoft Report Viewer Redistributable 2008 (KB971119) (x32 Version: 9.0.30731 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Management Objects (HKLM-x32\...\{A106D33E-6B43-42C0-9BFC-D03303261FA7}) (Version: 10.50.1447.4 - Microsoft Corporation)
Microsoft SQL Server 2012 Command Line Utilities  (HKLM\...\{AD49BD4B-6CEE-4EA2-B53E-8EB0606F1B11}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Data-Tier App Framework  (HKLM\...\{36E619BC-A234-4EC3-849B-779A7C865A45}) (Version: 11.0.2316.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Data-Tier App Framework  (HKLM-x32\...\{FBA6F90E-36EC-4FC9-9B25-3834E3BD46A8}) (Version: 11.0.2316.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Express LocalDB  (HKLM\...\{EF18EF0F-96D3-4A6B-9600-2197F1720A15}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Management Objects (HKLM-x32\...\{6B7B7E62-9F56-4C87-8664-0E20F2CAB03B}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Management Objects (x64) (HKLM\...\{D4DA7C91-A59F-4C72-BAC4-DF7C76AB1CB8}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Native Client  (HKLM\...\{8E4BA1E5-54E8-41F0-919B-CD875B83CFCE}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Transact-SQL Compiler Service  (HKLM\...\{55FABD1D-8BE6-4A1A-958D-52B15F1DFEF0}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Transact-SQL ScriptDom  (HKLM\...\{13C9CD03-A5FE-4F50-AC8A-17B77C38CC52}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 T-SQL Language Service  (HKLM-x32\...\{28C7A4BB-3966-4373-8376-C11F38290630}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 DEU (HKLM-x32\...\{0125D081-30D0-4A97-82A8-C28D444B6256}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 x64 DEU (HKLM\...\{C3EAE456-7E7A-451F-80EF-F34C7A13C558}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server Compact 4.0 SP1 x64 DEU  (HKLM\...\{98225B15-ECF5-4645-B5AC-F8C5E869A5D5}) (Version: 4.0.8876.1 - Microsoft Corporation)
Microsoft SQL Server Data Tools - DEU (11.1.20627.00) (HKLM-x32\...\{F6F1EE45-97E9-48A3-94B2-044B0A3C08D3}) (Version: 11.1.20627.00 - Microsoft Corporation)
Microsoft SQL Server Data Tools Build Utilities - DEU (11.1.20627.00) (HKLM-x32\...\{CEEDB2C4-46BE-4340-BAB9-F30110D9BBB8}) (Version: 11.1.20627.00 - Microsoft Corporation)
Microsoft SQL Server System CLR Types (HKLM-x32\...\{D434E072-F482-4F52-AB97-7B19DD5DAEB5}) (Version: 10.50.1600.1 - Microsoft Corporation)
Microsoft SQL Server System CLR Types (x64) (HKLM\...\{485F4AC6-F79E-4482-A0D2-EDF0CCE1E124}) (Version: 10.50.1600.1 - Microsoft Corporation)
Microsoft Visual Basic 2010 Express - DEU (HKLM-x32\...\Microsoft Visual Basic 2010 Express - DEU) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual Basic 2010 Express - DEU (x32 Version: 10.0.30319 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974 (HKLM-x32\...\{B7E38540-E355-3503-AFD7-635B2F2F76E1}) (Version: 9.0.30729.4974 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Runtime - 10.0.30319 (HKLM\...\{94D70749-4281-39AC-AD90-B56A0E0A402E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools (HKLM-x32\...\{616C6F39-4CE1-3434-A665-2F6A04C09A7F}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual Studio 2010 Express Prerequisites x64 - DEU (HKLM\...\{3C983A67-DFB2-3D3D-AD9E-CA1A5A09FD18}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Web Deploy 3.0 (HKLM\...\{AA72C306-30BE-4BB1-9E42-59552BAD2CDF}) (Version: 3.1236.1631 - Microsoft Corporation)
Microsoft Web Deploy dbSqlPackage Provider - DEU (HKLM-x32\...\{86756584-C41A-4CA3-B42D-4768C7720F56}) (Version: 10.3.20225.0 - Microsoft Corporation)
Microsoft Web Platform Installer 4.0 (HKLM\...\{E2B8249D-895C-4685-8C83-00F3B1A13028}) (Version: 4.0.1622 - Microsoft Corporation)
Microsoft-System-CLR-Typen für SQL Server 2012 (HKLM-x32\...\{4C0B27C3-3E8F-4BD2-80FF-6E9E48EBD6D8}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft-System-CLR-Typen für SQL Server 2012 (x64) (HKLM\...\{64A5D39C-95CD-4B8B-B2FA-6C713133B57F}) (Version: 11.0.2100.60 - Microsoft Corporation)
Mozilla Firefox 25.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 25.0 (x86 de)) (Version: 25.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 25.0 - Mozilla)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Nemetschek Allplan 2012 (HKLM-x32\...\{E293B9FB-2753-4B39-89ED-4812FAF358D1}) (Version: 2012.0 - Nemetschek Allplan GmbH)
Nemetschek SoftLock 2006 (HKLM-x32\...\{7262D0C8-41CC-4F75-8383-A6C7C61D7FC6}) (Version: 1.26.55 - )
Paint.NET v3.5.10 (HKLM\...\{529125EF-E3AC-4B74-97E6-F688A7C0F1C0}) (Version: 3.60.0 - dotPDN LLC)
Pando Media Booster (HKLM-x32\...\{980A182F-E0A2-4A40-94C1-AE0C1235902E}) (Version: 2.6.0.9 - Pando Networks Inc.)
PDF24 Creator 5.3.0 (HKLM-x32\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version:  - PDF24.org)
Perfect Effects 4.0.4 (HKLM-x32\...\{385E6A4D-A440-43E2-9BAF-A012FB5FC2E2}) (Version: 4.0.4 - onOne Software)
PinPhotoZoom (HKLM-x32\...\{5dfd64a7-81dd-45a9-9874-1fe13b7f4d56}_is1) (Version:  - PinPhotoZoom)
Protegere (HKLM-x32\...\Protegere) (Version:  - )
PX Profile Update (x32 Version: 1.00.1. - AMD) Hidden
QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
RawPacketDriver (HKLM\...\{7E5BEF96-0293-442B-B344-62902D302522}) (Version: 5.5.1805 - PCAUSA)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6662 - Realtek Semiconductor Corp.)
SimpleMind desktop Pro 1.7.2d (HKLM-x32\...\SMPRO1_is1) (Version: 1.7.2d - ModelMaker Tools BV)
Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
Spotify (HKCU\...\Spotify) (Version: 0.9.7.16.g4b197456 - Spotify AB)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1) (Version: 1.6.2 - Safer Networking Limited)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.1.6.0 - Synaptics Incorporated)
TomTom HOME (HKLM-x32\...\{EC5F4C1B-F838-4CB7-8561-8F809296428B}) (Version: 2.9.5 - Ihr Firmenname)
TomTom HOME Visual Studio Merge Modules (HKLM-x32\...\{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}) (Version: 1.0.2 - TomTom International B.V.)
Tube Dimmer (HKLM-x32\...\TubeDimmer) (Version: 2.6.71 - Creative Island Media, LLC)
TubeBox (HKLM-x32\...\{712a2c46-4dd4-4463-8773-4e1352b77319}) (Version: 5.0.0.0 - Freetec)
TubeBox (x32 Version: 5.0.0.0 - Freetec) Hidden
Update for  (KB2504637) (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}.KB2504637) (Version: 1 - Microsoft Corporation)
VLC media player 2.0.6 (HKLM-x32\...\VLC media player) (Version: 2.0.6 - VideoLAN)
WebCake 3.00 (HKLM\...\{C4ED781C-7394-4906-AAFF-D6AB64FF7C38}) (Version: 3.00 - WebCake LLC) <==== ATTENTION
Wunderlist (HKCU\...\f4d33ae8dc11fa61) (Version: 2.0.5.8 - 6 Wunderkinder GmbH)

==================== Restore Points  =========================

06-04-2014 10:32:38 Windows Update
28-04-2014 05:55:25 Windows Update
28-04-2014 06:26:50 Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 DEU wird entfernt

==================== Hosts content: ==========================

2009-07-14 04:34 - 2012-09-05 12:11 - 00444231 ____R C:\Windows\system32\Drivers\etc\hosts

There are 1000 more lines.


==================== Scheduled Tasks (whitelisted) =============

Task: {036E1C14-EEC5-45EE-A6DC-1C68602247E3} - System32\Tasks\Dealply => C:\Users\Arne\AppData\Roaming\Dealply\UpdateProc\UpdateTask.exe [2013-06-01] () <==== ATTENTION
Task: {289DAAF1-C317-42FC-9442-D893E9FE276E} - System32\Tasks\ProtectedSearch\Protected Search => C:\Program Files (x86)\Protected Search\ProtectedSearch.exe <==== ATTENTION
Task: {2FB6AB48-B39D-45C5-BF2B-507EB87A5274} - System32\Tasks\DealPlyUpdate => C:\Program <==== ATTENTION
Task: {2FC8CEEF-CDC6-43F8-9F87-531BB0AFB362} - System32\Tasks\Plus-HD-2.4-firefoxinstaller => C:\Program Files (x86)\Plus-HD-2.4\Plus-HD-2.4-firefoxinstaller.exe <==== ATTENTION
Task: {360B594C-A632-4687-9B96-39CAC1528D83} - System32\Tasks\Plus-HD-2.4-chromeinstaller => C:\Program Files (x86)\Plus-HD-2.4\Plus-HD-2.4-chromeinstaller.exe <==== ATTENTION
Task: {39B31588-2528-43CA-9000-E88EF9F9E274} - System32\Tasks\Lyrics-Monkey Update => C:\Program Files (x86)\Lyrics_Monkey\LyrMonkeyUpd.exe <==== ATTENTION
Task: {4CE152F1-D1E3-41E1-BB3A-6988ABA36B47} - System32\Tasks\PC Optimizer Pro64 startups => C:\Program Files\PC Optimizer Pro\StartApps.exe <==== ATTENTION
Task: {56D7CA3A-5753-4A59-9E00-E41246173A65} - System32\Tasks\Browser Updater\Browser Updater => Rundll32.exe "C:\Program Files (x86)\Browser Updater\TBUpdater.dll",TBCheckForUpdate
Task: {7E0E5B05-FA7C-478A-865F-B6D6F9792283} - System32\Tasks\Freemium1ClickMaint => C:\Program Files (x86)\Covus Freemium\Free System Utilities\1Click.exe [2013-05-22] ()
Task: {85F35AFB-3930-4540-9E03-4DE1D2123FDD} - System32\Tasks\Games\UpdateCheck_S-1-5-21-3025636346-100433202-2293546944-1000
Task: {88360230-7E9D-42FF-9876-DE19ABE6914D} - System32\Tasks\Software Updater Ui => C:\Program Files (x86)\SoftwareUpdater\SoftwareUpdater.Ui.exe [2013-09-08] ()
Task: {8C2C6518-7959-4BC0-A2F6-693BD34347F6} - System32\Tasks\AutoUpdate Allplan 2012 => D:\Program Files (x86)\Nemetschek\Allplan\prg\NemDownloadHandler.exe [2012-03-21] (Nemetschek Allplan GmbH)
Task: {BA045ACD-8669-4C3D-918B-FD58C82277C9} - System32\Tasks\WebContent AutoUpdate 2012 => D:\Program Files (x86)\Nemetschek\Allplan\prg\NemDownloadHandler.exe [2012-03-21] (Nemetschek Allplan GmbH)
Task: {C1DF2A76-C65E-4C04-8751-DE74080C79FC} - System32\Tasks\Plus-HD-2.4-updater => C:\Program Files (x86)\Plus-HD-2.4\Plus-HD-2.4-updater.exe <==== ATTENTION
Task: {CEBF8E39-0748-4561-8839-4972FC1CC655} - System32\Tasks\Plus-HD-2.4-codedownloader => C:\Program Files (x86)\Plus-HD-2.4\Plus-HD-2.4-codedownloader.exe <==== ATTENTION
Task: {CED38480-BE2D-4ABA-B14C-B313E823E77C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-09-04] (Google Inc.)
Task: {EDD6E807-5C85-46C2-A1EB-54CE8BA8BDA2} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-09-04] (Google Inc.)
Task: {F22B4EAC-C24F-4C22-AF26-83D2E66F7523} - System32\Tasks\Software Updater => C:\Program Files (x86)\SoftwareUpdater\SoftwareUpdater.Bootstrapper.exe [2013-07-17] ()
Task: {F32EF5E2-8323-44CF-9938-1474AB092A9D} - System32\Tasks\Plus-HD-2.4-enabler => C:\Program Files (x86)\Plus-HD-2.4\Plus-HD-2.4-enabler.exe <==== ATTENTION
Task: {FE4D4AB7-70BB-4185-84E6-53872FB17A9C} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2012-08-22] (Piriform Ltd)
Task: C:\Windows\Tasks\AutoUpdate Allplan 2012.job => D:\Program Files (x86)\Nemetschek\Allplan\prg\NemDownloadHandler.exe
Task: C:\Windows\Tasks\Dealply.job => C:\Users\Arne\AppData\Roaming\Dealply\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cf49dd2de19899.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\Lyrics-Monkey Update.job => C:\Program Files (x86)\Lyrics_Monkey\LyrMonkeyUpd.exe <==== ATTENTION
Task: C:\Windows\Tasks\PC Optimizer Pro64 startups.job => C:\Program Files\PC Optimizer Pro\StartApps.exe <==== ATTENTION
Task: C:\Windows\Tasks\WebContent AutoUpdate 2012.job => D:\Program Files (x86)\Nemetschek\Allplan\prg\NemDownloadHandler.exe

==================== Loaded Modules (whitelisted) =============

2014-04-04 17:33 - 2014-04-04 17:33 - 00012800 _____ () C:\ProgramData\dlprotect.exe
2014-04-04 17:31 - 2014-04-04 17:31 - 00218112 ____N () C:\Users\Arne\AppData\Local\Apps\2.0\X6KLWTQC.92T\71K9O604.LH1\dros..tion_0000000000000000_0001.0000_b7335b782fe9a0ac\Dros.exe
2014-04-04 17:31 - 2014-04-04 17:31 - 00005120 ____N () C:\Users\Arne\AppData\Local\Apps\2.0\X6KLWTQC.92T\71K9O604.LH1\dros..tion_0000000000000000_0001.0000_b7335b782fe9a0ac\de\Dros.resources.dll
2011-06-13 22:36 - 2011-06-13 22:36 - 00243712 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2011-03-14 14:21 - 2011-03-14 14:21 - 00016384 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll
2012-12-10 19:15 - 2012-09-19 19:17 - 00397088 _____ () C:\Program Files (x86)\Avira\AntiVir Desktop\sqlite3.dll
2014-01-20 14:17 - 2014-01-20 14:17 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-01-20 14:16 - 2014-01-20 14:16 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-03-05 17:33 - 2014-03-05 17:33 - 00169472 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\3e27ac2000641918e7215d97c63e957d\IsdiInterop.ni.dll
2012-09-03 22:56 - 2011-01-12 17:56 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll
2013-10-19 01:55 - 2013-10-19 01:55 - 25100288 _____ () C:\Users\Arne\AppData\Roaming\Dropbox\bin\libcef.dll
2014-04-10 19:00 - 2014-04-02 03:57 - 00065352 _____ () C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\chrome_elf.dll
2014-04-09 09:07 - 2014-04-28 08:06 - 00012288 _____ () C:\Program Files (x86)\Google\Chrome\Application\WTSAPI32.dll
2014-04-10 19:00 - 2014-04-02 03:57 - 00674632 _____ () C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\libglesv2.dll
2014-04-10 19:00 - 2014-04-02 03:57 - 00093000 _____ () C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\libegl.dll
2014-04-10 19:00 - 2014-04-02 03:57 - 04081480 _____ () C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\pdf.dll
2014-04-10 19:00 - 2014-04-02 03:58 - 00390472 _____ () C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\ppGoogleNaClPluginChrome.dll
2014-04-10 19:00 - 2014-04-02 03:57 - 01647432 _____ () C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\ffmpegsumo.dll
2014-04-10 19:00 - 2014-04-02 03:58 - 13691720 _____ () C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\PepperFlash\pepflashplayer.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================


==================== Disabled items from MSCONFIG ==============

MSCONFIG\startupreg: Download Protect => C:\ProgramData\dlprotect.exe

==================== Faulty Device Manager Devices =============

Name: Microsoft-Teredo-Tunneling-Adapter
Description: Microsoft-Teredo-Tunneling-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: Unknown Device
Description: Unknown Device
Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
Manufacturer: (Standard-USB-Hostcontroller)
Service: 
Problem: : Windows has stopped this device because it has reported problems. (Code 43)
Resolution: One of the drivers controlling the device notified the operating system that the device failed in some manner. For more information about how to diagnose the problem, see the hardware documentation. 


==================== Event log errors: =========================

Application errors:
==================
Error: (04/11/2014 03:33:33 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 18346

Error: (04/11/2014 03:33:33 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 18346

Error: (04/11/2014 03:33:33 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (04/11/2014 03:33:32 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 17348

Error: (04/11/2014 03:33:32 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 17348

Error: (04/11/2014 03:33:32 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (04/11/2014 03:33:31 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 16349

Error: (04/11/2014 03:33:31 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 16349

Error: (04/11/2014 03:33:31 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (04/11/2014 03:33:30 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 15351


System errors:
=============
Error: (04/28/2014 08:11:47 AM) (Source: Service Control Manager) (User: )
Description: Dienst "Download Protect Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (04/28/2014 08:02:39 AM) (Source: DCOM) (User: )
Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}

Error: (04/28/2014 07:59:48 AM) (Source: Service Control Manager) (User: )
Description: Dienst "BUP Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (04/10/2014 06:27:59 PM) (Source: Service Control Manager) (User: )
Description: Dienst "Download Protect Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (04/10/2014 06:27:25 PM) (Source: Server) (User: )
Description: Aufgrund eines doppelten Netzwerknamens konnte zu der Transportschicht \Device\NetBT_Tcpip_{87288AE1-2790-49B5-8D4C-372EE5EC6B65} vom Serverdienst nicht gebunden werden. Der Serverdienst konnte nicht gestartet werden.

Error: (04/07/2014 00:44:57 AM) (Source: DCOM) (User: )
Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}

Error: (04/06/2014 00:47:24 PM) (Source: DCOM) (User: )
Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}

Error: (04/04/2014 08:44:11 PM) (Source: DCOM) (User: )
Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}

Error: (04/04/2014 05:28:28 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Überwachung verteilter Verknüpfungen (Client)" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1115

Error: (04/04/2014 05:28:28 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Automatische WLAN-Konfiguration" ist vom Dienst "Extensible Authentication-Protokoll" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1115


Microsoft Office Sessions:
=========================
Error: (04/11/2014 03:33:33 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 18346

Error: (04/11/2014 03:33:33 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 18346

Error: (04/11/2014 03:33:33 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (04/11/2014 03:33:32 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 17348

Error: (04/11/2014 03:33:32 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 17348

Error: (04/11/2014 03:33:32 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (04/11/2014 03:33:31 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 16349

Error: (04/11/2014 03:33:31 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 16349

Error: (04/11/2014 03:33:31 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (04/11/2014 03:33:30 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 15351


CodeIntegrity Errors:
===================================
  Date: 2013-09-18 18:52:36.427
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\dsound.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-09-18 18:48:50.768
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\dsound.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-06-12 16:56:59.992
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\dsound.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-06-06 10:50:57.067
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\dsound.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-06-05 13:26:28.685
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\dsound.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-06-01 14:40:27.598
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\dsound.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-05-26 17:02:01.968
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\dsound.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-05-23 00:36:18.640
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\dsound.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-05-22 01:05:26.124
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\dsound.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-05-21 16:13:00.720
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\dsound.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.


==================== Memory info =========================== 

Percentage of memory in use: 71%
Total physical RAM: 3764.48 MB
Available physical RAM: 1081.49 MB
Total Pagefile: 7527.15 MB
Available Pagefile: 3221.73 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB

==================== Drives ================================

Drive c: (WIN) (Fixed) (Total:96 GB) (Free:36.61 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (DAT) (Fixed) (Total:369.76 GB) (Free:266.14 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 89DAB825)
Partition 1: (Active) - (Size=96 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=370 GB) - (Type=OF Extended)

==================== End Of Log ============================
         
__________________

Alt 28.04.2014, 09:22   #4
schrauber
/// the machine
/// TB-Ausbilder
 




Revo Uninstaller - Download - Filepony
Use it to uninstall everything you find in Additional.txt marked with <== ATTENTION

Also have Revo remove the leftovers, using the Moderate setting.

Scan with Combofix
WARNING to READERS FOLLOWING ALONG:
Combofix should only be run when a team member has instructed you to do so!

Please download Combofix from the following download mirror: Link
  • IMPORTANT: Save Combofix to your desktop.
  • Please disable all of your antivirus software as well as any malware/spyware scanners. These can interfere with Combofix while it works. Combofix sometimes still complains anyway; you can ignore that, but please let me know.
  • Start Combofix.exe and follow the on-screen instructions.
  • While Combofix is running, please do not work on the computer, move the mouse, or click into the Combofix window!
  • When Combofix is finished, it will create a log file.
  • Please post C:\Combofix.txt in your next reply (in CODE tags if possible).
Note: If you get the following error message after the restart
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
simply restart the computer. That should fix the problem.

__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009


No help via PM!

Alt 28.04.2014, 10:50   #5
MarshallMath
 



With Revo I uninstalled only 1 file, and afterwards I could not find any of the others marked <== ATTENTION. Is that normal?

Here is the Combofix log file:


Code:
ComboFix 14-04-26.01 - Arne 28.04.2014  11:37:34.1.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.3764.1863 [GMT 2:00]
ausgeführt von:: c:\users\Arne\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {4D041356-F94D-285F-8768-AAE50FA36859}
SP: Avira Desktop *Disabled/Updated* {F665F2B2-DF77-27D1-BDD8-9197742422E4}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\END
c:\program files (x86)\SingAlong
c:\programdata\dlprotect.exe
c:\windows\SysWow64\DEBUG.log
.
.
(((((((((((((((((((((((   Dateien erstellt von 2014-03-28 bis 2014-04-28  ))))))))))))))))))))))))))))))
.
.
2014-04-28 09:42 . 2014-04-28 09:42	--------	d-----w-	c:\users\Default\AppData\Local\temp
2014-04-28 09:24 . 2014-04-28 09:24	--------	d-----w-	c:\program files (x86)\VS Revo Group
2014-04-28 07:37 . 2014-04-28 07:39	--------	d-----w-	C:\FRST
2014-04-09 07:21 . 2014-01-24 02:37	1684928	----a-w-	c:\windows\system32\drivers\ntfs.sys
2014-04-09 07:09 . 2014-03-04 09:44	362496	----a-w-	c:\windows\system32\wow64win.dll
2014-04-09 07:09 . 2014-03-04 09:44	243712	----a-w-	c:\windows\system32\wow64.dll
2014-04-09 07:09 . 2014-03-04 09:44	16384	----a-w-	c:\windows\system32\ntvdm64.dll
2014-04-09 07:09 . 2014-03-04 09:44	1163264	----a-w-	c:\windows\system32\kernel32.dll
2014-04-09 07:09 . 2014-03-04 09:16	25600	----a-w-	c:\windows\SysWow64\setup16.exe
2014-04-09 07:09 . 2014-03-04 09:44	13312	----a-w-	c:\windows\system32\wow64cpu.dll
2014-04-09 07:09 . 2014-03-04 09:17	14336	----a-w-	c:\windows\SysWow64\ntvdm64.dll
2014-04-09 07:09 . 2014-03-04 09:16	5120	----a-w-	c:\windows\SysWow64\wow32.dll
2014-04-09 07:09 . 2014-03-04 08:09	7680	----a-w-	c:\windows\SysWow64\instnm.exe
2014-04-09 07:09 . 2014-03-04 08:09	2048	----a-w-	c:\windows\SysWow64\user.exe
2014-04-08 06:40 . 2014-03-07 04:43	10521840	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{A67B4E2F-B5CA-4579-9FCE-9AC20D152C74}\mpengine.dll
2014-04-04 15:36 . 2014-04-04 15:36	--------	d-----w-	c:\users\Arne\AppData\Roaming\dlg
2014-04-04 15:34 . 2014-04-28 09:24	--------	d-----w-	c:\users\Arne\AppData\Local\TubeDimmer
2014-04-04 15:33 . 2014-04-04 15:33	118784	----a-w-	c:\windows\system32\winipsfc.exe
2014-04-04 15:33 . 2014-04-04 15:33	126976	----a-w-	c:\windows\system32\DlProtectSvc.exe
2014-04-04 15:32 . 2014-04-04 15:33	--------	d-----w-	c:\programdata\TubeDimmer
2014-04-04 15:32 . 2014-04-04 15:32	--------	d-----w-	c:\program files (x86)\SparPilotAddon
2014-04-04 15:25 . 2014-04-04 15:25	--------	d-----w-	c:\users\Arne\AppData\Roaming\BupSystem
2014-04-04 15:24 . 2014-04-04 15:27	--------	d-----w-	c:\users\Arne\AppData\Roaming\Security System 2
2014-04-04 15:24 . 2014-04-04 15:24	--------	d-----w-	c:\program files (x86)\SearchProtect
2014-04-04 15:24 . 2014-04-04 15:24	--------	d-----w-	c:\users\Arne\AppData\Local\SearchProtect
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-04-28 05:56 . 2012-09-03 22:20	90655440	----a-w-	c:\windows\system32\MRT.exe
2014-03-22 02:05 . 2014-03-22 02:05	1161080	----a-w-	c:\windows\SysWow64\TubeDimmer.EA96BC9739D9.dll
2014-03-04 09:17 . 2014-04-09 07:09	44032	----a-w-	c:\windows\apppatch\acwow64.dll
2014-03-01 06:05 . 2014-03-13 17:31	23133696	----a-w-	c:\windows\system32\mshtml.dll
2014-03-01 05:17 . 2014-03-13 17:31	2724864	----a-w-	c:\windows\system32\mshtml.tlb
2014-03-01 05:16 . 2014-03-13 17:31	4096	----a-w-	c:\windows\system32\ieetwcollectorres.dll
2014-03-01 04:58 . 2014-03-13 17:31	2765824	----a-w-	c:\windows\system32\iertutil.dll
2014-03-01 04:52 . 2014-03-13 17:31	66048	----a-w-	c:\windows\system32\iesetup.dll
2014-03-01 04:51 . 2014-03-13 17:31	48640	----a-w-	c:\windows\system32\ieetwproxystub.dll
2014-03-01 04:42 . 2014-03-13 17:31	53760	----a-w-	c:\windows\system32\jsproxy.dll
2014-03-01 04:40 . 2014-03-13 17:31	33792	----a-w-	c:\windows\system32\iernonce.dll
2014-03-01 04:37 . 2014-03-13 17:31	574976	----a-w-	c:\windows\system32\ieui.dll
2014-03-01 04:33 . 2014-03-13 17:31	139264	----a-w-	c:\windows\system32\ieUnatt.exe
2014-03-01 04:33 . 2014-03-13 17:31	111616	----a-w-	c:\windows\system32\ieetwcollector.exe
2014-03-01 04:32 . 2014-03-13 17:31	708608	----a-w-	c:\windows\system32\jscript9diag.dll
2014-03-01 04:23 . 2014-03-13 17:31	940032	----a-w-	c:\windows\system32\MsSpellCheckingFacility.exe
2014-03-01 04:17 . 2014-03-13 17:31	218624	----a-w-	c:\windows\system32\ie4uinit.exe
2014-03-01 04:11 . 2014-03-13 17:31	2724864	----a-w-	c:\windows\SysWow64\mshtml.tlb
2014-03-01 04:02 . 2014-03-13 17:31	195584	----a-w-	c:\windows\system32\msrating.dll
2014-03-01 03:54 . 2014-03-13 17:31	5768704	----a-w-	c:\windows\system32\jscript9.dll
2014-03-01 03:52 . 2014-03-13 17:31	61952	----a-w-	c:\windows\SysWow64\iesetup.dll
2014-03-01 03:51 . 2014-03-13 17:31	51200	----a-w-	c:\windows\SysWow64\ieetwproxystub.dll
2014-03-01 03:42 . 2014-03-13 17:31	627200	----a-w-	c:\windows\system32\msfeeds.dll
2014-03-01 03:38 . 2014-03-13 17:31	112128	----a-w-	c:\windows\SysWow64\ieUnatt.exe
2014-03-01 03:37 . 2014-03-13 17:31	553472	----a-w-	c:\windows\SysWow64\jscript9diag.dll
2014-03-01 03:35 . 2014-03-13 17:31	2041856	----a-w-	c:\windows\system32\inetcpl.cpl
2014-03-01 03:18 . 2014-03-13 17:31	13051904	----a-w-	c:\windows\system32\ieframe.dll
2014-03-01 03:14 . 2014-03-13 17:31	4244480	----a-w-	c:\windows\SysWow64\jscript9.dll
2014-03-01 03:10 . 2014-03-13 17:31	2334208	----a-w-	c:\windows\system32\wininet.dll
2014-03-01 03:00 . 2014-03-13 17:31	1964032	----a-w-	c:\windows\SysWow64\inetcpl.cpl
2014-03-01 02:38 . 2014-03-13 17:31	1393664	----a-w-	c:\windows\system32\urlmon.dll
2014-03-01 02:32 . 2014-03-13 17:31	1820160	----a-w-	c:\windows\SysWow64\wininet.dll
2014-03-01 02:25 . 2014-03-13 17:31	817664	----a-w-	c:\windows\system32\ieapfltr.dll
2014-02-07 01:23 . 2014-03-13 17:31	3156480	----a-w-	c:\windows\system32\win32k.sys
2014-02-04 02:32 . 2014-03-13 17:27	1424384	----a-w-	c:\windows\system32\WindowsCodecs.dll
2014-02-04 02:32 . 2014-03-13 17:27	624128	----a-w-	c:\windows\system32\qedit.dll
2014-02-04 02:04 . 2014-03-13 17:27	1230336	----a-w-	c:\windows\SysWow64\WindowsCodecs.dll
2014-02-04 02:04 . 2014-03-13 17:27	509440	----a-w-	c:\windows\SysWow64\qedit.dll
2014-01-29 02:32 . 2014-03-13 17:31	484864	----a-w-	c:\windows\system32\wer.dll
2014-01-29 02:06 . 2014-03-13 17:31	381440	----a-w-	c:\windows\SysWow64\wer.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54	131248	----a-w-	c:\users\Arne\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54	131248	----a-w-	c:\users\Arne\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54	131248	----a-w-	c:\users\Arne\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54	131248	----a-w-	c:\users\Arne\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ShareOverlay]
@="{594D4122-1F87-41E2-96C7-825FB4796516}"
[HKEY_CLASSES_ROOT\CLSID\{594D4122-1F87-41E2-96C7-825FB4796516}]
2012-08-19 17:37	610816	----a-w-	c:\program files\Classic Shell\ClassicExplorer32.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Driver Operating Service"="c:\users\Arne\AppData\Local\Apps\2.0\X6KLWTQC.92T\71K9O604.LH1\dros..tion_0000000000000000_0001.0000_b7335b782fe9a0ac\Driver Operating Service.appref-ms" [X]
"Spotify Web Helper"="c:\users\Arne\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2014-03-05 1171968]
"Wunderlist"="c:\users\Arne\AppData\Local\Apps\2.0\X6KLWTQC.92T\71K9O604.LH1\wund..tion_45ec1bcecca77a53_0002.0000_8bd0285384bbd56f\Wunderlist.exe" [2013-02-05 6880768]
"DAEMON Tools Lite"="d:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2013-10-28 3675352]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2011-01-12 283160]
"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2012-09-03 1025616]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2014-02-12 43848]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-06-13 336384]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2014-03-05 689744]
"PDFPrint"="d:\program files (x86)\PDF24\pdf24.exe" [2013-02-19 162856]
"BrMfcWnd"="c:\program files (x86)\Brother\Brmfcmon\BrMfcWnd.exe" [2012-09-25 1163264]
"ControlCenter3"="c:\program files (x86)\Brother\ControlCenter3\brctrcen.exe" [2008-12-24 114688]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2014-01-17 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2014-02-21 152392]
.
c:\users\Arne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Arne\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2014-1-3 30714328]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Audible Download Manager.lnk - c:\program files (x86)\Audible\Bin\AudibleDownloadHelper.exe /Startup [2011-3-14 2125472]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="userinit.exe"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R2 TubeDimmer;Tube Dimmer;c:\programdata\TubeDimmer\TubeDimmerService.exe;c:\programdata\TubeDimmer\TubeDimmerService.exe [x]
R3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_flt.sys [x]
R3 ATHDFU;Atheros Valkyrie USB BootROM;c:\windows\system32\Drivers\AthDfu.sys;c:\windows\SYSNATIVE\Drivers\AthDfu.sys [x]
R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys;c:\windows\SYSNATIVE\drivers\btath_a2dp.sys [x]
R3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys;c:\windows\SYSNATIVE\DRIVERS\btath_hcrp.sys [x]
R3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_lwflt.sys [x]
R3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys;c:\windows\SYSNATIVE\DRIVERS\btath_rcp.sys [x]
R3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys;c:\windows\SYSNATIVE\DRIVERS\btfilter.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl64.sys;c:\windows\SYSNATIVE\DRIVERS\netaapl64.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys;c:\windows\SYSNATIVE\DRIVERS\avkmgr.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [x]
S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Bluetooth Suite\adminservice.exe;c:\program files (x86)\Bluetooth Suite\adminservice.exe [x]
S2 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe;c:\program files (x86)\Launch Manager\dsiwmis.exe [x]
S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [x]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [x]
S2 TomTomHOMEService;TomTomHOMEService;c:\program files (x86)\TomTom HOME 2\TomTomHOMEService.exe;c:\program files (x86)\TomTom HOME 2\TomTomHOMEService.exe [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys;c:\windows\SYSNATIVE\DRIVERS\btath_bus.sys [x]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys;c:\windows\SYSNATIVE\DRIVERS\HECIx64.sys [x]
S3 hpnuhst;HP NUSB Host;c:\windows\system32\DRIVERS\hpnuhst.sys;c:\windows\SYSNATIVE\DRIVERS\hpnuhst.sys [x]
S3 HPNUHUB;HP NUSB Hub;c:\windows\system32\DRIVERS\hpnuhub.sys;c:\windows\SYSNATIVE\DRIVERS\hpnuhub.sys [x]
S3 intelkmd;intelkmd;c:\windows\system32\DRIVERS\igdpmd64.sys;c:\windows\SYSNATIVE\DRIVERS\igdpmd64.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C60x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C60x64.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-04-10 16:55	1077576	----a-w-	c:\program files (x86)\Google\Chrome\Application\34.0.1847.116\Installer\chrmstp.exe
.
Inhalt des "geplante Tasks" Ordners
.
2013-09-09 c:\windows\Tasks\AutoUpdate Allplan 2012.job
- d:\program files (x86)\Nemetschek\Allplan\prg\NemDownloadHandler.exe [2012-10-22 18:38]
.
2014-03-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore1cf49dd2de19899.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-09-04 08:49]
.
2013-09-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-09-04 08:49]
.
2013-09-09 c:\windows\Tasks\WebContent AutoUpdate 2012.job
- d:\program files (x86)\Nemetschek\Allplan\prg\NemDownloadHandler.exe [2012-10-22 18:38]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54	164016	----a-w-	c:\users\Arne\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54	164016	----a-w-	c:\users\Arne\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54	164016	----a-w-	c:\users\Arne\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54	164016	----a-w-	c:\users\Arne\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ShareOverlay]
@="{594D4122-1F87-41E2-96C7-825FB4796516}"
[HKEY_CLASSES_ROOT\CLSID\{594D4122-1F87-41E2-96C7-825FB4796516}]
2012-08-19 17:37	741376	----a-w-	c:\program files\Classic Shell\ClassicExplorer64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2012-06-11 12503184]
"RtHDVBg_Dolby"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2012-06-13 1212560]
"AtherosBtStack"="c:\program files (x86)\Bluetooth Suite\BtvStack.exe" [2011-01-20 615584]
"AthBtTray"="c:\program files (x86)\Bluetooth Suite\AthBtTray.exe" [2011-01-20 379552]
"Acer ePower Management"="c:\program files\Acer\Acer ePower Management\ePowerTray.exe" [2010-10-29 860040]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-25 161304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-25 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-25 415256]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://search.certified-toolbar.com?si=43169&st=home&tid=3580&ver=3.5&ts=1369177136274&tguid=43169-3580-1369177136274-BCC9678E3DBE08AA96F7CD6EDEC727F5
uDefault_Search_URL = hxxp://search.certified-toolbar.com?si=43169&st=chrome&tid=3580&ver=3.5&ts=1369177136274&tguid=43169-3580-1369177136274-BCC9678E3DBE08AA96F7CD6EDEC727F5&q=
mDefault_Search_URL = hxxp://search.certified-toolbar.com?si=43169&st=chrome&tid=3580&ver=3.5&ts=1369177136274&tguid=43169-3580-1369177136274-BCC9678E3DBE08AA96F7CD6EDEC727F5&q=
mStart Page = hxxp://search.certified-toolbar.com?si=43169&st=home&tid=3580&ver=3.5&ts=1369177136274&tguid=43169-3580-1369177136274-BCC9678E3DBE08AA96F7CD6EDEC727F5
mLocal Page = c:\windows\SysWOW64\blank.htm
mSearch Page = hxxp://search.certified-toolbar.com?si=43169&st=chrome&tid=3580&ver=3.5&ts=1369177136274&tguid=43169-3580-1369177136274-BCC9678E3DBE08AA96F7CD6EDEC727F5&q=
mSearch Bar = hxxp://search.certified-toolbar.com?si=43169&st=chrome&tid=3580&ver=3.5&ts=1369177136274&tguid=43169-3580-1369177136274-BCC9678E3DBE08AA96F7CD6EDEC727F5&q=
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 192.168.10.10
TCP: Interfaces\{87288AE1-2790-49B5-8D4C-372EE5EC6B65}\64259445A51224F6870264F6E60275C414E40273137303: NameServer = 8.8.8.8,8.8.8.4
TCP: Interfaces\{87288AE1-2790-49B5-8D4C-372EE5EC6B65}\64259445A51224F6870264F6E60275C414E40273332303: NameServer = 8.8.8.8,8.8.8.4
TCP: Interfaces\{87288AE1-2790-49B5-8D4C-372EE5EC6B65}\E4564777F627B6: NameServer = 8.8.8.8,8.8.8.4
FF - ProfilePath - c:\users\Arne\AppData\Roaming\Mozilla\Firefox\Profiles\rhvx4y9h.default\
FF - prefs.js: browser.search.selectedEngine - Web Search
FF - prefs.js: browser.startup.homepage - hxxp://search.certified-toolbar.com?si=43169&st=home&tid=3580&ver=3.5&ts=1369177136274&tguid=43169-3580-1369177136274-BCC9678E3DBE08AA96F7CD6EDEC727F5
FF - prefs.js: keyword.URL - hxxp://search.certified-toolbar.com?si=43169&st=chrome&tid=3580&ver=3.5&ts=1369177136274&tguid=43169-3580-1369177136274-BCC9678E3DBE08AA96F7CD6EDEC727F5&q=
FF - ExtSQL: 2014-04-28 08:06; {28B041F9-242D-4DE0-9A19-A82C542ACFB0}; c:\windows\Installer\{8BDECB8E-FA78-41E5-937D-05B6C9651112}\{28B041F9-242D-4DE0-9A19-A82C542ACFB0}.xpi
FF - ExtSQL: 2014-04-28 08:39; sparpilot@sparpilot.com; c:\users\Arne\AppData\Roaming\Mozilla\Firefox\Profiles\rhvx4y9h.default\extensions\sparpilot@sparpilot.com
FF - ExtSQL: 2014-04-28 08:39; security@protegere.org; c:\users\Arne\AppData\Roaming\Mozilla\Firefox\Profiles\rhvx4y9h.default\extensions\security@protegere.org
FF - user.js: extensions.blocklist.enabled - false
FF - user.js: app.update.auto - false
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_265_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_265_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{722b3793-5367-4446-b6bb-db89b05c1f24}\LocalServer32]
@DACL=(02 0000)
@=expand:"%SystemRoot%\\System32\\rundll32.exe shell32.dll,SHCreateLocalServerRunDll {722b3793-5367-4446-b6bb-db89b05c1f24}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_265_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_265_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2014-04-28  11:45:26
ComboFix-quarantined-files.txt  2014-04-28 09:45
.
Vor Suchlauf: 10 Verzeichnis(se), 39.082.553.344 Bytes frei
Nach Suchlauf: 15 Verzeichnis(se), 38.574.899.200 Bytes frei
.
- - End Of File - - 73B23F0436F2291F1541C0F13F8AF80D
         


28.04.2014, 19:29   #6
schrauber
/// the machine
/// TB trainer
 


Please download Malwarebytes Anti-Malware.
  • Install the program to the default path. (Illustrated guide to MBAM)
  • Start Malwarebytes' Anti-Malware (MBAM).
  • Then click Scan, select the Threat Scan and click Start Scan.
  • At the end of the scan, have all detections (if any) moved to quarantine. To do so, click Remove Selected.
  • Let your computer restart if necessary to complete the cleanup.
  • Start MBAM, click History and then Application Logs.
  • Select the most recent scan log and click Export. Choose Text file (.txt) and save the file as mbam.txt on the desktop. You can find the MBAM log file here.
  • Add the contents of mbam.txt to your next reply.


Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click Options and make sure that the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure that all 5 options are selected as shown here
  • Click Scan and wait until it has finished.
  • Now click Clean and confirm any prompts with OK.
  • Your computer will be restarted automatically. After the restart a text file will open. Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt. (x = consecutive number).

Please close your security software to avoid possible conflicts.
Please download Junkware Removal Tool to your desktop.

  • Start the tool with a double-click. On Windows Vista (or later), please start it via right-click > "Run as administrator".
  • Press any key to start the tool.
  • Depending on the system, the scan may take a while.
  • When the tool has finished, the log file (JRT.txt) is saved to the desktop and opened automatically.
  • Please post the contents of JRT.txt in your next reply.


And a fresh FRST log, please.

29.04.2014, 10:37   #7
MarshallMath
 

Code:
 Malwarebytes Anti-Malware 
www.malwarebytes.org

Suchlauf Datum: 29.04.2014
Suchlauf-Zeit: 09:58:46
Logdatei: mbam.txt
Administrator: Ja

Version: 2.00.1.1004
Malware Datenbank: v2014.04.29.02
Rootkit Datenbank: v2014.03.27.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Chameleon: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: Arne

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 274625
Verstrichene Zeit: 18 Min, 21 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Aktiviert
Tiefer Rootkit-Suchlauf: Aktiviert
Shuriken: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registrierungsschlüssel: 19
PUP.Optional.WebCake.A, HKLM\SOFTWARE\CLASSES\APPID\{7169BBB3-3289-4696-B35D-4A88BCF6FB12}, In Quarantäne, [6799a65ae41c3bc59f1a63eec73b44bc], 
PUP.Optional.WebCake.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\APPID\{7169BBB3-3289-4696-B35D-4A88BCF6FB12}, In Quarantäne, [6799a65ae41c3bc59f1a63eec73b44bc], 
PUP.Optional.WebSteroids.A, HKLM\SOFTWARE\CLASSES\CLSID\{051E9166-B275-4683-907B-372FAE22BC7C}, In Quarantäne, [b64a7a86a55b946cbfd2a27b3cc614ec], 
PUP.Optional.WebSteroids.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{051E9166-B275-4683-907B-372FAE22BC7C}, In Quarantäne, [b64a7a86a55b946cbfd2a27b3cc614ec], 
PUP.Optional.DynConIE.A, HKLM\SOFTWARE\CLASSES\CLSID\{E5A7A645-8318-4895-B85C-EDC606B80DB6}, In Quarantäne, [619fa8581de3b54bacb3fe1f7092748c], 
PUP.Optional.DynConIE.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{E5A7A645-8318-4895-B85C-EDC606B80DB6}, In Quarantäne, [619fa8581de3b54bacb3fe1f7092748c], 
PUP.Optional.WebCake.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{BB975E58-E769-4E5A-BA12-B765BC559FF3}, In Quarantäne, [1be5a15fe51b1de3b70165ec34ce06fa], 
PUP.Optional.Iminent.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{68B81CCD-A80C-4060-8947-5AE69ED01199}, In Quarantäne, [f60adc24a55bc53b10edaaa7877bf40c], 
PUP.Optional.Iminent.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{E6B969FB-6D33-48d2-9061-8BBD4899EB08}, In Quarantäne, [b34d26da27d9dc24c23cf859d929b24e], 
PUP.Optional.TubeDimmer, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TubeDimmer, In Quarantäne, [12eedd238e7207f95eb5206a5ca6b44c], 
PUP.Optional.TubeDimmer, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\TubeDimmer, In Quarantäne, [12eedd238e7207f95eb5206a5ca6b44c], 
PUP.Optional.WebCake.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{C4ED781C-7394-4906-AAFF-D6AB64FF7C38}, In Quarantäne, [7e8225db0ff14bb5793fbadd0ff4ad53], 
PUP.Optional.WebCake.A, HKLM\SOFTWARE\CLASSES\APPID\WebCakeIEClient.DLL, In Quarantäne, [c739d03056aa659beac9484faa59b64a], 
PUP.Optional.Iminent.A, HKLM\SOFTWARE\WOW6432NODE\Iminent, In Quarantäne, [fd033ec2a957e11f8134711750b2fe02], 
PUP.Optional.WebCake.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\APPID\WebCakeIEClient.DLL, In Quarantäne, [9f618f7142bebe42d5de5047897a50b0], 
PUP.Optional.WebCake.A, HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\fjoijdanhaiflhibkljeklcghcmmfffh, In Quarantäne, [ed13d52b936d37c9dfdb3265fb087c84], 
PUP.Optional.Iminent.A, HKU\S-1-5-21-3025636346-100433202-2293546944-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Iminent, Löschen bei Neustart, [3ec26898718fbb45397d5f29768cff01], 
PUP.Optional.InstallCore.A, HKU\S-1-5-21-3025636346-100433202-2293546944-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE\1I1T1Q1S, Löschen bei Neustart, [eb1511ef33cdcb355369b2d5bb4724dc], 
PUP.Optional.InstallCore.A, HKU\S-1-5-21-3025636346-100433202-2293546944-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE, Löschen bei Neustart, [6c941ae69967b14f6680336a729114ec], 

Registrierungswerte: 1
PUP.Optional.InstallCore.A, HKU\S-1-5-21-3025636346-100433202-2293546944-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE|tb, 0M1S1H1K2U, Löschen bei Neustart, [6c941ae69967b14f6680336a729114ec]

Registrierungsdaten: 10
Hijack.SearchPage, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Search_URL, hxxp://search.certified-toolbar.com?si=43169&st=chrome&tid=3580&ver=3.5&ts=1369177136274&tguid=43169-3580-1369177136274-BCC9678E3DBE08AA96F7CD6EDEC727F5&q=, Gut: (hxxp://www.google.com), Schlecht: (hxxp://search.certified-toolbar.com?si=43169&st=chrome&tid=3580&ver=3.5&ts=1369177136274&tguid=43169-3580-1369177136274-BCC9678E3DBE08AA96F7CD6EDEC727F5&q=),Ersetzt,[db25b64a23dd7e82cf43f53dd82c827e]
Hijack.StartPage, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, hxxp://search.certified-toolbar.com?si=43169&st=home&tid=3580&ver=3.5&ts=1369177136274&tguid=43169-3580-1369177136274-BCC9678E3DBE08AA96F7CD6EDEC727F5, Gut: (hxxp://www.google.com), Schlecht: (hxxp://search.certified-toolbar.com?si=43169&st=home&tid=3580&ver=3.5&ts=1369177136274&tguid=43169-3580-1369177136274-BCC9678E3DBE08AA96F7CD6EDEC727F5),Ersetzt,[b24ea25e44bc4cb420ee69c90301a060]
Hijack.SearchPage, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Page, hxxp://search.certified-toolbar.com?si=43169&st=chrome&tid=3580&ver=3.5&ts=1369177136274&tguid=43169-3580-1369177136274-BCC9678E3DBE08AA96F7CD6EDEC727F5&q=, Gut: (hxxp://www.google.com), Schlecht: (hxxp://search.certified-toolbar.com?si=43169&st=chrome&tid=3580&ver=3.5&ts=1369177136274&tguid=43169-3580-1369177136274-BCC9678E3DBE08AA96F7CD6EDEC727F5&q=),Ersetzt,[36cac43c12eeb9476ba9cd6511f30000]
Hijack.SearchPage, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Bar, hxxp://search.certified-toolbar.com?si=43169&st=chrome&tid=3580&ver=3.5&ts=1369177136274&tguid=43169-3580-1369177136274-BCC9678E3DBE08AA96F7CD6EDEC727F5&q=, Gut: (hxxp://www.google.com), Schlecht: (hxxp://search.certified-toolbar.com?si=43169&st=chrome&tid=3580&ver=3.5&ts=1369177136274&tguid=43169-3580-1369177136274-BCC9678E3DBE08AA96F7CD6EDEC727F5&q=),Ersetzt,[f20e1fe150b016eaeb28939f34d0847c]
Hijack.SearchPage, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCH|Default_Search_URL, hxxp://search.certified-toolbar.com?si=43169&st=chrome&tid=3580&ver=3.5&ts=1369177136274&tguid=43169-3580-1369177136274-BCC9678E3DBE08AA96F7CD6EDEC727F5&q=, Gut: (hxxp://www.google.com/), Schlecht: (hxxp://search.certified-toolbar.com?si=43169&st=chrome&tid=3580&ver=3.5&ts=1369177136274&tguid=43169-3580-1369177136274-BCC9678E3DBE08AA96F7CD6EDEC727F5&q=),Ersetzt,[bf41c838b05030d033e267cbd82c4bb5]
Hijack.StartPage, HKU\S-1-5-21-3025636346-100433202-2293546944-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, hxxp://search.certified-toolbar.com?si=43169&st=home&tid=3580&ver=3.5&ts=1369177136274&tguid=43169-3580-1369177136274-BCC9678E3DBE08AA96F7CD6EDEC727F5, Gut: (hxxp://www.google.com), Schlecht: (hxxp://search.certified-toolbar.com?si=43169&st=home&tid=3580&ver=3.5&ts=1369177136274&tguid=43169-3580-1369177136274-BCC9678E3DBE08AA96F7CD6EDEC727F5),Löschen bei Neustart,[6a9630d0d32ddf21c04dcf639b69a858]
Hijack.SearchPage, HKU\S-1-5-21-3025636346-100433202-2293546944-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Search_URL, hxxp://search.certified-toolbar.com?si=43169&st=chrome&tid=3580&ver=3.5&ts=1369177136274&tguid=43169-3580-1369177136274-BCC9678E3DBE08AA96F7CD6EDEC727F5&q=, Gut: (hxxp://www.google.com), Schlecht: (hxxp://search.certified-toolbar.com?si=43169&st=chrome&tid=3580&ver=3.5&ts=1369177136274&tguid=43169-3580-1369177136274-BCC9678E3DBE08AA96F7CD6EDEC727F5&q=),Löschen bei Neustart,[916f000003fd48b88887ae844bb954ac]
Hijack.SearchPage, HKU\S-1-5-21-3025636346-100433202-2293546944-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCH|Default_Search_URL, hxxp://search.certified-toolbar.com?si=43169&st=chrome&tid=3580&ver=3.5&ts=1369177136274&tguid=43169-3580-1369177136274-BCC9678E3DBE08AA96F7CD6EDEC727F5&q=, Gut: (hxxp://www.google.com/), Schlecht: (hxxp://search.certified-toolbar.com?si=43169&st=chrome&tid=3580&ver=3.5&ts=1369177136274&tguid=43169-3580-1369177136274-BCC9678E3DBE08AA96F7CD6EDEC727F5&q=),Löschen bei Neustart,[827e966a728e8e72a076082a61a33fc1]
PUP.Optional.SearchCertifiedTB.A, HKU\S-1-5-21-3025636346-100433202-2293546944-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHURI|(Default), hxxp://search.certified-toolbar.com?si=43169&st=bs&tid=3580&ver=3.5&ts=1369177136274&tguid=43169-3580-1369177136274-BCC9678E3DBE08AA96F7CD6EDEC727F5&q=%s, Gut: (hxxp://www.google.com), Schlecht: (hxxp://search.certified-toolbar.com?si=43169&st=bs&tid=3580&ver=3.5&ts=1369177136274&tguid=43169-3580-1369177136274-BCC9678E3DBE08AA96F7CD6EDEC727F5&q=%s),Löschen bei Neustart,[ee12e02008f8e81885b9003440c442be]
PUP.Optional.SearchCertifiedTB.A, HKU\S-1-5-21-3025636346-100433202-2293546944-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHURL|(Default), hxxp://search.certified-toolbar.com?si=43169&st=bs&tid=3580&ver=3.5&ts=1369177136274&tguid=43169-3580-1369177136274-BCC9678E3DBE08AA96F7CD6EDEC727F5&q=%s, Gut: (hxxp://www.google.com/), Schlecht: (hxxp://search.certified-toolbar.com?si=43169&st=bs&tid=3580&ver=3.5&ts=1369177136274&tguid=43169-3580-1369177136274-BCC9678E3DBE08AA96F7CD6EDEC727F5&q=%s),Löschen bei Neustart,[837d41bf728e13eda39cca6aba4a06fa]

Ordner: 19
PUP.Optional.TubeDimmer, C:\ProgramData\TubeDimmer, In Quarantäne, [12eedd238e7207f95eb5206a5ca6b44c], 
PUP.Optional.WebCake.A, C:\ProgramData\Tarma Installer\{C4ED781C-7394-4906-AAFF-D6AB64FF7C38}, In Quarantäne, [7e8225db0ff14bb5793fbadd0ff4ad53], 
PUP.Optional.WebCake.A, C:\ProgramData\Tarma Installer\{C4ED781C-7394-4906-AAFF-D6AB64FF7C38}\Cache, In Quarantäne, [7e8225db0ff14bb5793fbadd0ff4ad53], 
PUP.OPtional.Dealply.A, C:\Users\Arne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DealPly, In Quarantäne, [01ffaa5602fee21ef341a5f855ae46ba], 
PUP.Optional.FindWide, C:\Users\Arne\AppData\Local\TNT2\2.0.0.1534, In Quarantäne, [9070629ec937a55b013ad6d9ec17a060], 
PUP.Optional.DealPly.A, C:\Users\Arne\AppData\Roaming\Dealply, In Quarantäne, [c838649c7a860df37afee57f53af6a96], 
PUP.Optional.DealPly.A, C:\Users\Arne\AppData\Roaming\Dealply\UpdateProc, In Quarantäne, [c838649c7a860df37afee57f53af6a96], 
PUP.Optional.TidyNetwork.A, C:\Users\Arne\AppData\Local\TNT2, In Quarantäne, [c23e5fa155ab35cb634f72f4a75b956b], 
PUP.Optional.TidyNetwork.A, C:\Users\Arne\AppData\Local\TNT2\Common, In Quarantäne, [c23e5fa155ab35cb634f72f4a75b956b], 
PUP.Optional.TidyNetwork.A, C:\Users\Arne\AppData\Local\TNT2\Profiles, In Quarantäne, [c23e5fa155ab35cb634f72f4a75b956b], 
PUP.Optional.TidyNetwork.A, C:\Users\Arne\AppData\Local\TNT2\Profiles\10447, In Quarantäne, [c23e5fa155ab35cb634f72f4a75b956b], 
PUP.Optional.WebCake.A, C:\Users\Arne\AppData\Roaming\Mozilla\Firefox\Profiles\rhvx4y9h.default\extensions\plugin@getwebcake.com, In Quarantäne, [20e025db0ff131cf8065284235cde818], 
PUP.Optional.WebCake.A, C:\Users\Arne\AppData\Roaming\Mozilla\Firefox\Profiles\rhvx4y9h.default\extensions\plugin@getwebcake.com\content, In Quarantäne, [20e025db0ff131cf8065284235cde818], 
PUP.Optional.WebCake.A, C:\Users\Arne\AppData\Roaming\Mozilla\Firefox\Profiles\rhvx4y9h.default\extensions\plugin@getwebcake.com\defaults, In Quarantäne, [20e025db0ff131cf8065284235cde818], 
PUP.Optional.WebCake.A, C:\Users\Arne\AppData\Roaming\Mozilla\Firefox\Profiles\rhvx4y9h.default\extensions\plugin@getwebcake.com\defaults\preferences, In Quarantäne, [20e025db0ff131cf8065284235cde818], 
PUP.Optional.WebCake.A, C:\Users\Arne\AppData\Roaming\Mozilla\Firefox\Profiles\rhvx4y9h.default\extensions\plugin@getwebcake.com\locale, In Quarantäne, [20e025db0ff131cf8065284235cde818], 
PUP.Optional.WebCake.A, C:\Users\Arne\AppData\Roaming\Mozilla\Firefox\Profiles\rhvx4y9h.default\extensions\plugin@getwebcake.com\locale\en-US, In Quarantäne, [20e025db0ff131cf8065284235cde818], 
PUP.Optional.WebCake.A, C:\Users\Arne\AppData\Roaming\Mozilla\Firefox\Profiles\rhvx4y9h.default\extensions\plugin@getwebcake.com\META-INF, In Quarantäne, [20e025db0ff131cf8065284235cde818], 
PUP.Optional.WebCake.A, C:\Users\Arne\AppData\Roaming\Mozilla\Firefox\Profiles\rhvx4y9h.default\extensions\plugin@getwebcake.com\skin, In Quarantäne, [20e025db0ff131cf8065284235cde818], 

Dateien: 90
PUP.Optional.DealPly.A, C:\Users\Arne\AppData\Roaming\Dealply\UpdateProc\UpdateTask.exe, In Quarantäne, [01ff07f9718fa75937ebe6385ba5ae52], 
PUP.Optional.ZombieAlert.A, C:\Windows\SysWOW64\TubeDimmer.EA96BC9739D9.dll, Löschen bei Neustart, [b54b34ccf50be21e579d2cf93bc9936d], 
PUP.Optional.WebSearch.A, C:\Users\Arne\AppData\Roaming\Mozilla\Firefox\Profiles\rhvx4y9h.default\searchplugins\Web Search.xml, In Quarantäne, [32ce718fd927649cb1cddca1b54d9b65], 
PUP.Optional.SearchCertifiedTB.A, C:\Program Files (x86)\Mozilla Firefox\searchplugins\Web Search.xml, In Quarantäne, [1ae60bf5c53baa560bc4a5de649ebc44], 
PUP.Optional.TubeDimmer, C:\ProgramData\TubeDimmer\app.dat, In Quarantäne, [12eedd238e7207f95eb5206a5ca6b44c], 
PUP.Optional.TubeDimmer, C:\ProgramData\TubeDimmer\data.dat, In Quarantäne, [12eedd238e7207f95eb5206a5ca6b44c], 
PUP.Optional.TubeDimmer, C:\ProgramData\TubeDimmer\TubeDimmer.exe, In Quarantäne, [12eedd238e7207f95eb5206a5ca6b44c], 
PUP.Optional.TubeDimmer, C:\ProgramData\TubeDimmer\TubeDimmer.exe.config, In Quarantäne, [12eedd238e7207f95eb5206a5ca6b44c], 
PUP.Optional.TubeDimmer, C:\ProgramData\TubeDimmer\TubeDimmer.ico, In Quarantäne, [12eedd238e7207f95eb5206a5ca6b44c], 
PUP.Optional.TubeDimmer, C:\ProgramData\TubeDimmer\TubeDimmerService.exe, In Quarantäne, [12eedd238e7207f95eb5206a5ca6b44c], 
PUP.Optional.TubeDimmer, C:\ProgramData\TubeDimmer\TubeDimmerService.exe.config, In Quarantäne, [12eedd238e7207f95eb5206a5ca6b44c], 
PUP.Optional.TubeDimmer, C:\ProgramData\TubeDimmer\Uninstall.exe, In Quarantäne, [12eedd238e7207f95eb5206a5ca6b44c], 
PUP.Optional.WebCake.A, C:\ProgramData\Tarma Installer\{C4ED781C-7394-4906-AAFF-D6AB64FF7C38}\Setup.ico, In Quarantäne, [7e8225db0ff14bb5793fbadd0ff4ad53], 
PUP.Optional.WebCake.A, C:\ProgramData\Tarma Installer\{C4ED781C-7394-4906-AAFF-D6AB64FF7C38}\Setup.dat, In Quarantäne, [7e8225db0ff14bb5793fbadd0ff4ad53], 
PUP.Optional.WebCake.A, C:\ProgramData\Tarma Installer\{C4ED781C-7394-4906-AAFF-D6AB64FF7C38}\Setup.exe, In Quarantäne, [7e8225db0ff14bb5793fbadd0ff4ad53], 
PUP.Optional.WebCake.A, C:\ProgramData\Tarma Installer\{C4ED781C-7394-4906-AAFF-D6AB64FF7C38}\_Setup.dll, In Quarantäne, [7e8225db0ff14bb5793fbadd0ff4ad53], 
PUP.Optional.WebCake.A, C:\ProgramData\Tarma Installer\{C4ED781C-7394-4906-AAFF-D6AB64FF7C38}\_Setupx.dll, In Quarantäne, [7e8225db0ff14bb5793fbadd0ff4ad53], 
PUP.OPtional.Dealply.A, C:\Users\Arne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DealPly\Uninstall DealPly.lnk, In Quarantäne, [01ffaa5602fee21ef341a5f855ae46ba], 
PUP.OPtional.Dealply.A, C:\Users\Arne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DealPly\DealPly Help.url, In Quarantäne, [01ffaa5602fee21ef341a5f855ae46ba], 
PUP.OPtional.Dealply.A, C:\Users\Arne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DealPly\DealPly.url, In Quarantäne, [01ffaa5602fee21ef341a5f855ae46ba], 
PUP.Optional.FindWide, C:\Users\Arne\AppData\Local\TNT2\2.0.0.1534\pinnedSearch_FindWide.htm, In Quarantäne, [9070629ec937a55b013ad6d9ec17a060], 
PUP.Optional.FindWide, C:\Users\Arne\AppData\Local\TNT2\2.0.0.1534\INSTALL.TNT, In Quarantäne, [9070629ec937a55b013ad6d9ec17a060], 
PUP.Optional.FindWide, C:\Users\Arne\AppData\Local\TNT2\2.0.0.1534\ffassist.1.dll, In Quarantäne, [9070629ec937a55b013ad6d9ec17a060], 
PUP.Optional.FindWide, C:\Users\Arne\AppData\Local\TNT2\2.0.0.1534\GLOBALUNINSTALL.TNT, In Quarantäne, [9070629ec937a55b013ad6d9ec17a060], 
PUP.Optional.FindWide, C:\Users\Arne\AppData\Local\TNT2\2.0.0.1534\hmac.1.dll, In Quarantäne, [9070629ec937a55b013ad6d9ec17a060], 
PUP.Optional.FindWide, C:\Users\Arne\AppData\Local\TNT2\2.0.0.1534\ie8starter.exe, In Quarantäne, [9070629ec937a55b013ad6d9ec17a060], 
PUP.Optional.FindWide, C:\Users\Arne\AppData\Local\TNT2\2.0.0.1534\iehpr.1.dll, In Quarantäne, [9070629ec937a55b013ad6d9ec17a060], 
PUP.Optional.FindWide, C:\Users\Arne\AppData\Local\TNT2\2.0.0.1534\iestage2.1.dll, In Quarantäne, [9070629ec937a55b013ad6d9ec17a060], 
PUP.Optional.FindWide, C:\Users\Arne\AppData\Local\TNT2\2.0.0.1534\IEToolbar.dll, In Quarantäne, [9070629ec937a55b013ad6d9ec17a060], 
PUP.Optional.FindWide, C:\Users\Arne\AppData\Local\TNT2\2.0.0.1534\IEToolbar64.dll, In Quarantäne, [9070629ec937a55b013ad6d9ec17a060], 
PUP.Optional.FindWide, C:\Users\Arne\AppData\Local\TNT2\2.0.0.1534\LastSession.log, In Quarantäne, [9070629ec937a55b013ad6d9ec17a060], 
PUP.Optional.FindWide, C:\Users\Arne\AppData\Local\TNT2\2.0.0.1534\log.dll, In Quarantäne, [9070629ec937a55b013ad6d9ec17a060], 
PUP.Optional.FindWide, C:\Users\Arne\AppData\Local\TNT2\2.0.0.1534\npTNT2.dll, In Quarantäne, [9070629ec937a55b013ad6d9ec17a060], 
PUP.Optional.FindWide, C:\Users\Arne\AppData\Local\TNT2\2.0.0.1534\npTNT2Ghost.dll, In Quarantäne, [9070629ec937a55b013ad6d9ec17a060], 
PUP.Optional.FindWide, C:\Users\Arne\AppData\Local\TNT2\2.0.0.1534\OldStyleSB.1.dll, In Quarantäne, [9070629ec937a55b013ad6d9ec17a060], 
PUP.Optional.FindWide, C:\Users\Arne\AppData\Local\TNT2\2.0.0.1534\PARTNER.TNT, In Quarantäne, [9070629ec937a55b013ad6d9ec17a060], 
PUP.Optional.FindWide, C:\Users\Arne\AppData\Local\TNT2\2.0.0.1534\passport.dll, In Quarantäne, [9070629ec937a55b013ad6d9ec17a060], 
PUP.Optional.FindWide, C:\Users\Arne\AppData\Local\TNT2\2.0.0.1534\passport64.dll, In Quarantäne, [9070629ec937a55b013ad6d9ec17a060], 
PUP.Optional.FindWide, C:\Users\Arne\AppData\Local\TNT2\2.0.0.1534\pinnedSearch.htm, In Quarantäne, [9070629ec937a55b013ad6d9ec17a060], 
PUP.Optional.FindWide, C:\Users\Arne\AppData\Local\TNT2\2.0.0.1534\progress.1.dll, In Quarantäne, [9070629ec937a55b013ad6d9ec17a060], 
PUP.Optional.FindWide, C:\Users\Arne\AppData\Local\TNT2\2.0.0.1534\regsvr.1.dll, In Quarantäne, [9070629ec937a55b013ad6d9ec17a060], 
PUP.Optional.FindWide, C:\Users\Arne\AppData\Local\TNT2\2.0.0.1534\RemoteSkin.wms, In Quarantäne, [9070629ec937a55b013ad6d9ec17a060], 
PUP.Optional.FindWide, C:\Users\Arne\AppData\Local\TNT2\2.0.0.1534\sqlite.1.dll, In Quarantäne, [9070629ec937a55b013ad6d9ec17a060], 
PUP.Optional.FindWide, C:\Users\Arne\AppData\Local\TNT2\2.0.0.1534\tnt2chrome.dll, In Quarantäne, [9070629ec937a55b013ad6d9ec17a060], 
PUP.Optional.FindWide, C:\Users\Arne\AppData\Local\TNT2\2.0.0.1534\TNT2User.exe, In Quarantäne, [9070629ec937a55b013ad6d9ec17a060], 
PUP.Optional.FindWide, C:\Users\Arne\AppData\Local\TNT2\2.0.0.1534\TNT2UserPS.dll, In Quarantäne, [9070629ec937a55b013ad6d9ec17a060], 
PUP.Optional.FindWide, C:\Users\Arne\AppData\Local\TNT2\2.0.0.1534\TNT2UserPS64.dll, In Quarantäne, [9070629ec937a55b013ad6d9ec17a060], 
PUP.Optional.FindWide, C:\Users\Arne\AppData\Local\TNT2\2.0.0.1534\TntMagicDel.dll, In Quarantäne, [9070629ec937a55b013ad6d9ec17a060], 
PUP.Optional.FindWide, C:\Users\Arne\AppData\Local\TNT2\2.0.0.1534\UnInjLib.dll, In Quarantäne, [9070629ec937a55b013ad6d9ec17a060], 
PUP.Optional.FindWide, C:\Users\Arne\AppData\Local\TNT2\2.0.0.1534\UnInjLib64.dll, In Quarantäne, [9070629ec937a55b013ad6d9ec17a060], 
PUP.Optional.FindWide, C:\Users\Arne\AppData\Local\TNT2\2.0.0.1534\UNINSTALL.TNT, In Quarantäne, [9070629ec937a55b013ad6d9ec17a060], 
PUP.Optional.FindWide, C:\Users\Arne\AppData\Local\TNT2\2.0.0.1534\UninstallDlg.1.dll, In Quarantäne, [9070629ec937a55b013ad6d9ec17a060], 
PUP.Optional.FindWide, C:\Users\Arne\AppData\Local\TNT2\2.0.0.1534\untar.1.dll, In Quarantäne, [9070629ec937a55b013ad6d9ec17a060], 
PUP.Optional.FindWide, C:\Users\Arne\AppData\Local\TNT2\2.0.0.1534\UPDATE.TNT, In Quarantäne, [9070629ec937a55b013ad6d9ec17a060], 
PUP.Optional.FindWide, C:\Users\Arne\AppData\Local\TNT2\2.0.0.1534\xpi.tar, In Quarantäne, [9070629ec937a55b013ad6d9ec17a060], 
PUP.Optional.FindWide, C:\Users\Arne\AppData\Local\TNT2\2.0.0.1534\zipunzip.1.dll, In Quarantäne, [9070629ec937a55b013ad6d9ec17a060], 
PUP.Optional.DealPly.A, C:\Users\Arne\AppData\Roaming\Dealply\UpdateProc\config.dat, In Quarantäne, [c838649c7a860df37afee57f53af6a96], 
PUP.Optional.DealPly.A, C:\Users\Arne\AppData\Roaming\Dealply\UpdateProc\TTL.DAT, In Quarantäne, [c838649c7a860df37afee57f53af6a96], 
PUP.Optional.TidyNetwork.A, C:\Users\Arne\AppData\Local\TNT2\Common\pinnedSearch.htm, In Quarantäne, [c23e5fa155ab35cb634f72f4a75b956b], 
PUP.Optional.TidyNetwork.A, C:\Users\Arne\AppData\Local\TNT2\Profiles\10447\inst.ini, In Quarantäne, [c23e5fa155ab35cb634f72f4a75b956b], 
PUP.Optional.TidyNetwork.A, C:\Users\Arne\AppData\Local\TNT2\Profiles\10447\PARTNER.1.TNT, In Quarantäne, [c23e5fa155ab35cb634f72f4a75b956b], 
PUP.Optional.TidyNetwork.A, C:\Users\Arne\AppData\Local\TNT2\Profiles\10447\partner.dat, In Quarantäne, [c23e5fa155ab35cb634f72f4a75b956b], 
PUP.Optional.TidyNetwork.A, C:\Users\Arne\AppData\Local\TNT2\Profiles\10447\passport.dll, In Quarantäne, [c23e5fa155ab35cb634f72f4a75b956b], 
PUP.Optional.TidyNetwork.A, C:\Users\Arne\AppData\Local\TNT2\Profiles\10447\passport64.dll, In Quarantäne, [c23e5fa155ab35cb634f72f4a75b956b], 
PUP.Optional.TidyNetwork.A, C:\Users\Arne\AppData\Local\TNT2\Profiles\10447\runt.ini, In Quarantäne, [c23e5fa155ab35cb634f72f4a75b956b], 
PUP.Optional.WebCake.A, C:\Users\Arne\AppData\Roaming\Mozilla\Firefox\Profiles\rhvx4y9h.default\extensions\plugin@getwebcake.com\build.sh, In Quarantäne, [20e025db0ff131cf8065284235cde818], 
PUP.Optional.WebCake.A, C:\Users\Arne\AppData\Roaming\Mozilla\Firefox\Profiles\rhvx4y9h.default\extensions\plugin@getwebcake.com\chrome.manifest, In Quarantäne, [20e025db0ff131cf8065284235cde818], 
PUP.Optional.WebCake.A, C:\Users\Arne\AppData\Roaming\Mozilla\Firefox\Profiles\rhvx4y9h.default\extensions\plugin@getwebcake.com\config_build.sh, In Quarantäne, [20e025db0ff131cf8065284235cde818], 
PUP.Optional.WebCake.A, C:\Users\Arne\AppData\Roaming\Mozilla\Firefox\Profiles\rhvx4y9h.default\extensions\plugin@getwebcake.com\icon.png, In Quarantäne, [20e025db0ff131cf8065284235cde818], 
PUP.Optional.WebCake.A, C:\Users\Arne\AppData\Roaming\Mozilla\Firefox\Profiles\rhvx4y9h.default\extensions\plugin@getwebcake.com\install.rdf, In Quarantäne, [20e025db0ff131cf8065284235cde818], 
PUP.Optional.WebCake.A, C:\Users\Arne\AppData\Roaming\Mozilla\Firefox\Profiles\rhvx4y9h.default\extensions\plugin@getwebcake.com\readme.txt, In Quarantäne, [20e025db0ff131cf8065284235cde818], 
PUP.Optional.WebCake.A, C:\Users\Arne\AppData\Roaming\Mozilla\Firefox\Profiles\rhvx4y9h.default\extensions\plugin@getwebcake.com\content\about.xul, In Quarantäne, [20e025db0ff131cf8065284235cde818], 
PUP.Optional.WebCake.A, C:\Users\Arne\AppData\Roaming\Mozilla\Firefox\Profiles\rhvx4y9h.default\extensions\plugin@getwebcake.com\content\firefoxOverlay.xul, In Quarantäne, [20e025db0ff131cf8065284235cde818], 
PUP.Optional.WebCake.A, C:\Users\Arne\AppData\Roaming\Mozilla\Firefox\Profiles\rhvx4y9h.default\extensions\plugin@getwebcake.com\content\options.xul, In Quarantäne, [20e025db0ff131cf8065284235cde818], 
PUP.Optional.WebCake.A, C:\Users\Arne\AppData\Roaming\Mozilla\Firefox\Profiles\rhvx4y9h.default\extensions\plugin@getwebcake.com\content\overlay.js, In Quarantäne, [20e025db0ff131cf8065284235cde818], 
PUP.Optional.WebCake.A, C:\Users\Arne\AppData\Roaming\Mozilla\Firefox\Profiles\rhvx4y9h.default\extensions\plugin@getwebcake.com\defaults\preferences\webcake.js, In Quarantäne, [20e025db0ff131cf8065284235cde818], 
PUP.Optional.WebCake.A, C:\Users\Arne\AppData\Roaming\Mozilla\Firefox\Profiles\rhvx4y9h.default\extensions\plugin@getwebcake.com\locale\en-US\about.dtd, In Quarantäne, [20e025db0ff131cf8065284235cde818], 
PUP.Optional.WebCake.A, C:\Users\Arne\AppData\Roaming\Mozilla\Firefox\Profiles\rhvx4y9h.default\extensions\plugin@getwebcake.com\locale\en-US\prefwindow.dtd, In Quarantäne, [20e025db0ff131cf8065284235cde818], 
PUP.Optional.WebCake.A, C:\Users\Arne\AppData\Roaming\Mozilla\Firefox\Profiles\rhvx4y9h.default\extensions\plugin@getwebcake.com\locale\en-US\webcake.dtd, In Quarantäne, [20e025db0ff131cf8065284235cde818], 
PUP.Optional.WebCake.A, C:\Users\Arne\AppData\Roaming\Mozilla\Firefox\Profiles\rhvx4y9h.default\extensions\plugin@getwebcake.com\locale\en-US\webcake.properties, In Quarantäne, [20e025db0ff131cf8065284235cde818], 
PUP.Optional.WebCake.A, C:\Users\Arne\AppData\Roaming\Mozilla\Firefox\Profiles\rhvx4y9h.default\extensions\plugin@getwebcake.com\META-INF\manifest.mf, In Quarantäne, [20e025db0ff131cf8065284235cde818], 
PUP.Optional.WebCake.A, C:\Users\Arne\AppData\Roaming\Mozilla\Firefox\Profiles\rhvx4y9h.default\extensions\plugin@getwebcake.com\META-INF\zigbert.rsa, In Quarantäne, [20e025db0ff131cf8065284235cde818], 
PUP.Optional.WebCake.A, C:\Users\Arne\AppData\Roaming\Mozilla\Firefox\Profiles\rhvx4y9h.default\extensions\plugin@getwebcake.com\META-INF\zigbert.sf, In Quarantäne, [20e025db0ff131cf8065284235cde818], 
PUP.Optional.WebCake.A, C:\Users\Arne\AppData\Roaming\Mozilla\Firefox\Profiles\rhvx4y9h.default\extensions\plugin@getwebcake.com\skin\overlay.css, In Quarantäne, [20e025db0ff131cf8065284235cde818], 
PUP.Optional.WebCake.A, C:\Users\Arne\AppData\Roaming\Mozilla\Firefox\Profiles\rhvx4y9h.default\extensions\plugin@getwebcake.com\skin\toolbar-button.png, In Quarantäne, [20e025db0ff131cf8065284235cde818], 
PUP.Optional.Babylon.A, C:\Users\Arne\AppData\Local\Google\Chrome\User Data\Default\Preferences, Gut: (), Schlecht: (   "homepage": "hxxp://search.babylon.com/?affID=110823&tt=300912_TORP_4012_6&babsrc=HP_ss&mntrId=ee022286000000000000e4d53d42a5e7",), Ersetzt,[9e62ee128d7349b7f285cd92848005fb]
PUP.Optional.CrossRider.A, C:\Users\Arne\AppData\Roaming\Mozilla\Firefox\Profiles\rhvx4y9h.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.crossrider.bic", "140b60b2e1bd6d063993e25aa98c3419");), Ersetzt,[17e9a0602ed2eb154b9da3bb2ada8e72]
PUP.Optional.CertifiedTB.A, C:\Users\Arne\AppData\Roaming\Mozilla\Firefox\Profiles\rhvx4y9h.default\prefs.js, Gut: (), Schlecht: (user_pref("browser.startup.homepage", "hxxp://search.certified-toolbar.com?si=43169&st=home&tid=3580&ver=3.5&ts=1369177136274&tguid=43169-3580-1369177136274-BCC9678E3DBE08AA96F7CD6EDEC727F5");), Ersetzt,[50b0a8588c7432ce7a9271ee16eea060]
PUP.Optional.CertifiedTB.A, C:\Users\Arne\AppData\Roaming\Mozilla\Firefox\Profiles\rhvx4y9h.default\prefs.js, Gut: (), Schlecht: (user_pref("browser.newtab.url", "hxxp://search.certified-toolbar.com?si=43169&st=newtab&tid=3580&ver=3.5&ts=1369177136274&tguid=43169-3580-1369177136274-BCC9678E3DBE08AA96F7CD6EDEC727F5");), Ersetzt,[ea162dd398689868093c48173bc935cb]
PUP.Optional.CertifiedTB.A, C:\Users\Arne\AppData\Roaming\Mozilla\Firefox\Profiles\rhvx4y9h.default\prefs.js, Gut: (), Schlecht: (user_pref("keyword.URL", "hxxp://search.certified-toolbar.com?si=43169&st=chrome&tid=3580&ver=3.5&ts=1369177136274&tguid=43169-3580-1369177136274-BCC9678E3DBE08AA96F7CD6EDEC727F5&q=");), Ersetzt,[2dd3758b42be946cf1553a25f311eb15]

Physische Sektoren: 0
(No malicious items detected)


(end)
         


Code:
# AdwCleaner v3.205 - Bericht erstellt am 29/04/2014 um 10:10:00
# Aktualisiert 28/04/2014 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzername : Arne - ARNE-LT
# Gestartet von : C:\Users\Arne\Desktop\adwcleaner.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\Program Files (x86)\Browser Updater
Ordner Gelöscht : C:\Program Files (x86)\Iminent
Ordner Gelöscht : C:\Program Files (x86)\Optimizer Pro
Ordner Gelöscht : C:\Program Files (x86)\PinPhotoZoom
Ordner Gelöscht : C:\Program Files (x86)\Protected Search
Ordner Gelöscht : C:\Program Files (x86)\SearchProtect
Ordner Gelöscht : C:\Program Files (x86)\SoftwareUpdater
Ordner Gelöscht : C:\Users\Arne\AppData\Local\DownloadGuide
Ordner Gelöscht : C:\Users\Arne\AppData\Local\SearchProtect
Ordner Gelöscht : C:\Users\Arne\AppData\Local\Software Updater
Ordner Gelöscht : C:\Users\Arne\AppData\Local\TubeDimmer
Ordner Gelöscht : C:\Users\Arne\AppData\LocalLow\SimplyTech
Ordner Gelöscht : C:\Users\Arne\AppData\Roaming\BupSystem
Ordner Gelöscht : C:\Users\Arne\AppData\Roaming\PinPhotoZoom
Ordner Gelöscht : C:\Users\Arne\AppData\Roaming\Software Updater
Ordner Gelöscht : C:\Users\Arne\AppData\Roaming\Mozilla\Firefox\Profiles\rhvx4y9h.default\SweetPacksToolbarData
Ordner Gelöscht : C:\Users\Arne\AppData\Roaming\Mozilla\Firefox\Profiles\rhvx4y9h.default\Extensions\sparpilot@sparpilot.com
Ordner Gelöscht : C:\Users\Arne\AppData\Local\Google\Chrome\User Data\Default\Extensions\mbdamgnimlipjnpgiakiojcbbmcmiibn
Datei Gelöscht : C:\Users\Arne\AppData\Roaming\Mozilla\Firefox\Profiles\rhvx4y9h.default\user.js
Datei Gelöscht : C:\Windows\System32\Tasks\Browser Updater
Datei Gelöscht : C:\Windows\System32\Tasks\Dealply
Datei Gelöscht : C:\Windows\System32\Tasks\DealPlyUpdate
Datei Gelöscht : C:\Windows\System32\Tasks\Freemium1ClickMaint
Datei Gelöscht : C:\Windows\System32\Tasks\Lyrics-Monkey Update
Datei Gelöscht : C:\Windows\System32\Tasks\ProtectedSearch
Datei Gelöscht : C:\Windows\System32\Tasks\Software Updater Ui
Datei Gelöscht : C:\Windows\System32\Tasks\Software Updater

***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\mbdamgnimlipjnpgiakiojcbbmcmiibn
Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\ofnnlhbgdcabppjmlijllkhekcglbjlg
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\AutocompletePro.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\speedupmypc
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\BundleSweetIMSetup_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\BundleSweetIMSetup_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\HomeTab_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\HomeTab_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\sweetim_rasapi32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\sweetim_rasmancs
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\sweetpacksupdatemanager_rasapi32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SweetPacksUpdateManager_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\WebCakeDesktop_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\WebCakeDesktop_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{011166B1-9A69-4174-93D5-F7D3324553FE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{02054E11-5113-4BE3-8153-AA8DFB5D3761}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{A0B10EBE-4E51-4CAE-949B-E6B9E7D68CEA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{F511AFDB-726E-4458-90E7-1ECB97406544}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{FB684D26-01F4-4D9D-87CB-F486BEBA56DC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{2BF2028E-3F3C-4C05-AB45-B2F1DCFE0759}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{3A520357-BA99-4C9B-BEDF-12E3E46DDF14}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{DB538320-D3C5-433C-BCA9-C4081A054FCF}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{CFD485F0-96BD-47CD-BB6D-CD7DDA95F102}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{8DA8B89E-0C65-403B-8231-AB22ECFA0687}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{A928E66C-F501-4E66-9953-855C712F93B2}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{B0E28FA0-DF07-44B6-95CE-48BE26DB9266}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{E6B4EE8F-C38E-4994-BE28-229A3F92262C}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{EEE6C358-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{EEE6C359-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{FCA8936E-403A-4487-A966-70F80F1D5A6A}
Schlüssel Gelöscht : HKCU\Software\pc optimizer pro
Schlüssel Gelöscht : HKCU\Software\simplytech
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\DynConIE
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Lyrics_Monkey
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\simplytech
Schlüssel Gelöscht : HKLM\Software\covus freemium gmbh
Schlüssel Gelöscht : HKLM\Software\Uniblue
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{5dfd64a7-81dd-45a9-9874-1fe13b7f4d56}_is1
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\FLV Player
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchTheWebARP

***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.16521

Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Main [Start Default_Page_URL]
Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Default_Page_URL]
Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Search [Start Page]
Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Search [Start Default_Page_URL]
Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Search [Search Bar]
Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Search [Search Page]
Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls [Tabs]
Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Search [Start Page]
Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Search [Start Default_Page_URL]
Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Search [Search Bar]
Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Search [Search Page]
Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchUrl [(Default)]

-\\ Mozilla Firefox v25.0 (de)

[ Datei : C:\Users\Arne\AppData\Roaming\Mozilla\Firefox\Profiles\rhvx4y9h.default\prefs.js ]

Zeile gelöscht : user_pref("browser.search.defaultengine", "Web Search");
Zeile gelöscht : user_pref("browser.search.order.1", "Web Search");
Zeile gelöscht : user_pref("browser.search.selectedEngine", "Web Search");
Zeile gelöscht : user_pref("extentions.webcake.defaultEnableAppsList", "layers,brain/features,newOffers/wc");
Zeile gelöscht : user_pref("extentions.webcake.installId", "759c8903-db9d-4ee7-8082-229dd85e3ba5");
Zeile gelöscht : user_pref("iminent.webbooster.scripts.minibar.ROOTEXTENSION", "chrome://iminentwebbooster/content/minibar");
Zeile gelöscht : user_pref("iminent.webbooster.scripts.minibar.Services.BHPCode", "01");
Zeile gelöscht : user_pref("iminent.webbooster.scripts.minibar.Services.DefaultEvent", "000");
Zeile gelöscht : user_pref("iminent.webbooster.scripts.minibar.Services.DefaultWebSite", "000");
Zeile gelöscht : user_pref("iminent.webbooster.scripts.minibar.Services.IminentClientCode", "11");
Zeile gelöscht : user_pref("iminent.webbooster.scripts.minibar.Services.SmartFavCode", "02");
Zeile gelöscht : user_pref("iminent.webbooster.scripts.sslminibar.ROOTEXTENSION", "chrome://iminentwebbooster/content/minibar");
Zeile gelöscht : user_pref("iminent.webbooster.scripts.sslminibar.Services.BHPCode", "01");
Zeile gelöscht : user_pref("iminent.webbooster.scripts.sslminibar.Services.DefaultEvent", "000");
Zeile gelöscht : user_pref("iminent.webbooster.scripts.sslminibar.Services.DefaultWebSite", "000");
Zeile gelöscht : user_pref("iminent.webbooster.scripts.sslminibar.Services.IminentClientCode", "11");
Zeile gelöscht : user_pref("iminent.webbooster.scripts.sslminibar.Services.SmartFavCode", "02");
Zeile gelöscht : user_pref("iminent.webbooster.scripts.sslminibar.displayFavLinks", "1");
Zeile gelöscht : user_pref("sweetim.toolbar.Visibility.VisibilityGuardLastUnHide", "1351272131905");
Zeile gelöscht : user_pref("sweetim.toolbar.Visibility.enable", "true");
Zeile gelöscht : user_pref("sweetim.toolbar.Visibility.intervaldays", "7");
Zeile gelöscht : user_pref("sweetim.toolbar.cda.DisableOveride.enable", "true");
Zeile gelöscht : user_pref("sweetim.toolbar.cda.HideOveride.enable", "true");
Zeile gelöscht : user_pref("sweetim.toolbar.cda.RemoveOveride.enable", "true");
Zeile gelöscht : user_pref("sweetim.toolbar.cda.returnValue", "hide");
Zeile gelöscht : user_pref("sweetim.toolbar.dialogs.0.enable", "true");
Zeile gelöscht : user_pref("sweetim.toolbar.dialogs.0.handler", "chrome://sim_toolbar_package/content/optionsdialog-handler.js");
Zeile gelöscht : user_pref("sweetim.toolbar.dialogs.0.height", "335");
Zeile gelöscht : user_pref("sweetim.toolbar.dialogs.0.id", "id_options_dialog");
Zeile gelöscht : user_pref("sweetim.toolbar.dialogs.0.title", "$string.config.label;");
Zeile gelöscht : user_pref("sweetim.toolbar.dialogs.0.url", "hxxp://www.sweetim.com/simffbar/options_remote_ff_1_6.html");
Zeile gelöscht : user_pref("sweetim.toolbar.dialogs.0.width", "761");
Zeile gelöscht : user_pref("sweetim.toolbar.dialogs.1.enable", "true");
Zeile gelöscht : user_pref("sweetim.toolbar.dialogs.1.handler", "chrome://sim_toolbar_package/content/exampledialog-handler.js");
Zeile gelöscht : user_pref("sweetim.toolbar.dialogs.1.height", "300");
Zeile gelöscht : user_pref("sweetim.toolbar.dialogs.1.id", "id_example_dialog");
Zeile gelöscht : user_pref("sweetim.toolbar.dialogs.1.title", "Example (unit-test) dialog");
Zeile gelöscht : user_pref("sweetim.toolbar.dialogs.1.url", "chrome://sim_toolbar_package/content/exampledialog.html");
Zeile gelöscht : user_pref("sweetim.toolbar.dialogs.1.width", "500");
Zeile gelöscht : user_pref("sweetim.toolbar.dialogs.2.enable", "true");
Zeile gelöscht : user_pref("sweetim.toolbar.dialogs.2.handler", "chrome://sim_toolbar_package/content/cdadialog-handler.js");
Zeile gelöscht : user_pref("sweetim.toolbar.dialogs.2.height", "150");
Zeile gelöscht : user_pref("sweetim.toolbar.dialogs.2.id", "id_dialog_hide_disable_remove");
Zeile gelöscht : user_pref("sweetim.toolbar.dialogs.2.title", "Option Dialog");
Zeile gelöscht : user_pref("sweetim.toolbar.dialogs.2.url", "hxxp://www.sweetim.com/simffbar/simcdadialog.asp");
Zeile gelöscht : user_pref("sweetim.toolbar.dialogs.2.width", "530");
Zeile gelöscht : user_pref("sweetim.toolbar.dnscatch.domain-blacklist", ".*.sweetim.com/.*|.*.facebook.com/.*|.*.google.com/.*|.*.google.co.in/.*|.*.google.com.br/.*|.*.google.es/.*|.*.youtube.com/.*|.*.yahoo.com/.*|.[...]
Zeile gelöscht : user_pref("sweetim.toolbar.highlight.colors", "#FFFF00,#00FFE4,#5AFF00,#0087FF,#FFCC00,#FF00F0");
Zeile gelöscht : user_pref("sweetim.toolbar.logger.ConsoleHandler.MinReportLevel", "7");
Zeile gelöscht : user_pref("sweetim.toolbar.logger.FileHandler.FileName", "ff-toolbar.log");
Zeile gelöscht : user_pref("sweetim.toolbar.logger.FileHandler.MaxFileSize", "200000");
Zeile gelöscht : user_pref("sweetim.toolbar.logger.FileHandler.MinReportLevel", "7");
Zeile gelöscht : user_pref("sweetim.toolbar.mode.debug", "false");
Zeile gelöscht : user_pref("sweetim.toolbar.previous.keyword.URL", "");
Zeile gelöscht : user_pref("sweetim.toolbar.scripts.0.addcontextdiv", "true");
Zeile gelöscht : user_pref("sweetim.toolbar.scripts.0.callback", "simVerification");
Zeile gelöscht : user_pref("sweetim.toolbar.scripts.0.domain-blacklist", "");
Zeile gelöscht : user_pref("sweetim.toolbar.scripts.0.domain-whitelist", "hxxp://(www.|apps.)?facebook\\.com.*");
Zeile gelöscht : user_pref("sweetim.toolbar.scripts.0.elementid", "id_script_sim_fb");
Zeile gelöscht : user_pref("sweetim.toolbar.scripts.0.enable", "true");
Zeile gelöscht : user_pref("sweetim.toolbar.scripts.0.id", "id_script_fb");
Zeile gelöscht : user_pref("sweetim.toolbar.scripts.0.url", "hxxp://sc.sweetim.com/apps/in/fb/infb.js");
Zeile gelöscht : user_pref("sweetim.toolbar.scripts.1.addcontextdiv", "true");
Zeile gelöscht : user_pref("sweetim.toolbar.scripts.1.callback", "simVerification");
Zeile gelöscht : user_pref("sweetim.toolbar.scripts.1.domain-blacklist", "");
Zeile gelöscht : user_pref("sweetim.toolbar.scripts.1.domain-whitelist", "hxxps://(www.|apps.)?facebook\\.com.*");
Zeile gelöscht : user_pref("sweetim.toolbar.scripts.1.elementid", "id_script_sim_fb");
Zeile gelöscht : user_pref("sweetim.toolbar.scripts.1.enable", "false");
Zeile gelöscht : user_pref("sweetim.toolbar.scripts.1.id", "id_script_fb_hxxpS");
Zeile gelöscht : user_pref("sweetim.toolbar.scripts.1.url", "hxxps://sc.sweetim.com/apps/in/fb/infb.js");
Zeile gelöscht : user_pref("sweetim.toolbar.scripts.2.addcontextdiv", "false");
Zeile gelöscht : user_pref("sweetim.toolbar.scripts.2.callback", "");
Zeile gelöscht : user_pref("sweetim.toolbar.scripts.2.domain-blacklist", ".*.google..*|.*.bing..*|.*.live..*|.*.msn..*|.*.yahoo..*|.*.youtube.com.*|.*ask.com.*|.*.sweetim.com.*");
Zeile gelöscht : user_pref("sweetim.toolbar.scripts.2.domain-whitelist", "");
Zeile gelöscht : user_pref("sweetim.toolbar.scripts.2.elementid", "id_predict_include_script");
Zeile gelöscht : user_pref("sweetim.toolbar.scripts.2.enable", "false");
Zeile gelöscht : user_pref("sweetim.toolbar.scripts.2.id", "id_script_prad");
Zeile gelöscht : user_pref("sweetim.toolbar.scripts.2.url", "hxxp://cdn1.certified-apps.com/scripts/shared/enable.js?si=3104&tid=chff1");
Zeile gelöscht : user_pref("sweetim.toolbar.search.external", "<?xml version=\"1.0\"?><TOOLBAR><EXTERNAL_SEARCH engine=\"hxxp://*google.*\" param=\"q=\" /><EXTERNAL_SEARCH engine=\"hxxp://search.yahoo.com/*\" param=\"[...]
Zeile gelöscht : user_pref("sweetim.toolbar.search.history.capacity", "10");
Zeile gelöscht : user_pref("sweetim.toolbar.simapp_id", "{39AAF1C5-1B93-11E2-BEC2-60EB6983C6D5}");
Zeile gelöscht : user_pref("sweetim.toolbar.version", "1.6.0.3");
Zeile gelöscht : user_pref("browser.search.defaultenginename", "Web Search");

-\\ Google Chrome v34.0.1847.116

[ Datei : C:\Users\Arne\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Gelöscht [Startup_urls] : hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=2912d6c9-cc4c-4f0c-9ff4-0903618a3c5a&searchtype=hp&fr=linkury-tb&installDate=11/05/2013&type=hp1000
Gelöscht [Homepage] : hxxp://search.babylon.com/?affID=110823&tt=300912_TORP_4012_6&babsrc=HP_ss&mntrId=ee022286000000000000e4d53d42a5e7
Gelöscht [Extension] : abepbblpkilpjohncjbccmdjhdhbnhdj
Gelöscht [Extension] : mbdamgnimlipjnpgiakiojcbbmcmiibn

*************************

AdwCleaner[R0].txt - [26395 octets] - [29/04/2014 10:07:26]
AdwCleaner[S0].txt - [24070 octets] - [29/04/2014 10:10:00]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [24131 octets] ##########
         


Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Home Premium x64
Ran by Arne on 29.04.2014 at 10:15:38,53
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\DisplayName
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\URL



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{FB684D26-01F4-4D9D-87CB-F486BEBA56DC}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-3025636346-100433202-2293546944-1000\Software\sweetim



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\boost_interprocess"
Successfully deleted: [Folder] "C:\ProgramData\pc optimizer pro"
Successfully deleted: [Folder] "C:\ProgramData\tarma installer"



~~~ FireFox

Successfully deleted: [Folder] C:\Users\Arne\AppData\Roaming\mozilla\firefox\profiles\rhvx4y9h.default\extensions\{ebc3cfe3-606b-4470-98ae-4dd305d4c0b9}
Emptied folder: C:\Users\Arne\AppData\Roaming\mozilla\firefox\profiles\rhvx4y9h.default\minidumps [97 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 29.04.2014 at 10:21:44,78
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         



FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 27-04-2014
Ran by Arne (administrator) on ARNE-LT on 29-04-2014 11:31:00
Running from C:\Users\Arne\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(AMD) C:\Windows\system32\atiesrxx.exe
(AMD) C:\Windows\system32\atieclxx.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(TomTom) C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
(Safer Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Atheros Communications) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Spotify Ltd) C:\Users\Arne\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
(Audible, Inc.) C:\Program Files (x86)\Audible\Bin\AudibleDownloadHelper.exe
(Dropbox, Inc.) C:\Users\Arne\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMworker.exe
(Geek Software GmbH) D:\Program Files (x86)\PDF24\pdf24.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12503184 2012-06-11] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1212560 2012-06-13] (Realtek Semiconductor)
HKLM\...\Run: [AtherosBtStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [615584 2011-01-20] (Atheros Communications)
HKLM\...\Run: [AthBtTray] => C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe [379552 2011-01-20] (Atheros Commnucations)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2280232 2010-07-29] (Synaptics Incorporated)
HKLM\...\Run: [Acer ePower Management] => C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [860040 2010-10-29] (Acer Incorporated)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [283160 2011-01-12] (Intel Corporation)
HKLM-x32\...\Run: [LManager] => C:\Program Files (x86)\Launch Manager\LManager.exe [1025616 2012-09-03] (Dritek System Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-12] (Apple Inc.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [336384 2011-06-13] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [737360 2014-04-29] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [PDFPrint] => D:\Program Files (x86)\PDF24\pdf24.exe [162856 2013-02-19] (Geek Software GmbH)
HKLM-x32\...\Run: [BrMfcWnd] => C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe [1163264 2012-09-25] ()
HKLM-x32\...\Run: [ControlCenter3] => C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe [114688 2008-12-24] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-02-21] (Apple Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3025636346-100433202-2293546944-1000\...\Run: [Spotify Web Helper] => C:\Users\Arne\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1171968 2014-03-05] (Spotify Ltd)
HKU\S-1-5-21-3025636346-100433202-2293546944-1000\...\Run: [Wunderlist] => C:\Users\Arne\AppData\Local\Apps\2.0\X6KLWTQC.92T\71K9O604.LH1\wund..tion_45ec1bcecca77a53_0002.0000_8bd0285384bbd56f\Wunderlist.exe [6880768 2013-02-05] (6 Wunderkinder GmbH)
HKU\S-1-5-21-3025636346-100433202-2293546944-1000\...\Run: [DAEMON Tools Lite] => D:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3675352 2013-10-28] (Disc Soft Ltd)
HKU\S-1-5-21-3025636346-100433202-2293546944-1000\...\Run: [Driver Operating Service] => C:\Users\Arne\AppData\Local\Apps\2.0\X6KLWTQC.92T\71K9O604.LH1\dros..tion_0000000000000000_0001.0000_b7335b782fe9a0ac\Driver Operating Service.appref-ms
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Audible Download Manager.lnk
ShortcutTarget: Audible Download Manager.lnk -> C:\Program Files (x86)\Audible\Bin\AudibleDownloadHelper.exe (Audible, Inc.)
Startup: C:\Users\Arne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Arne\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x48ACA9D9C724CE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search
BHO: ExplorerBHO Class - {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: ExplorerBHO Class - {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: CIESpeechBHO Class - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.10.10

FireFox:
========
FF ProfilePath: C:\Users\Arne\AppData\Roaming\Mozilla\Firefox\Profiles\rhvx4y9h.default
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_152.dll ()
FF Plugin: @java.com/DTPlugin,version=10.21.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.21.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_152.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1202122.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.6 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Protegere - C:\Users\Arne\AppData\Roaming\Mozilla\Firefox\Profiles\rhvx4y9h.default\Extensions\security@protegere.org [2014-04-28]
FF Extension: YouTube Unblocker - C:\Users\Arne\AppData\Roaming\Mozilla\Firefox\Profiles\rhvx4y9h.default\Extensions\youtubeunblocker@unblocker.yt [2013-12-02]
FF Extension: ReminderFox - C:\Users\Arne\AppData\Roaming\Mozilla\Firefox\Profiles\rhvx4y9h.default\Extensions\{ada4b710-8346-4b82-8199-5de2b400a6ae} [2013-12-02]
FF Extension: Evernote Web Clipper - C:\Users\Arne\AppData\Roaming\Mozilla\Firefox\Profiles\rhvx4y9h.default\Extensions\{E0B8C461-F8FB-49b4-8373-FE32E9252800} [2014-04-28]
FF Extension: InvisibleHand - C:\Users\Arne\AppData\Roaming\Mozilla\Firefox\Profiles\rhvx4y9h.default\Extensions\canitbecheaper@trafficbroker.co.uk.xpi [2012-10-08]
FF Extension: Ciuvo - C:\Users\Arne\AppData\Roaming\Mozilla\Firefox\Profiles\rhvx4y9h.default\Extensions\extension@ciuvo.com.xpi [2012-10-08]
FF Extension: leethax.net extension - C:\Users\Arne\AppData\Roaming\Mozilla\Firefox\Profiles\rhvx4y9h.default\Extensions\leethax@leethax.net.xpi [2013-01-28]
FF Extension: Clearly - C:\Users\Arne\AppData\Roaming\Mozilla\Firefox\Profiles\rhvx4y9h.default\Extensions\readable@evernote.com.xpi [2012-10-26]
FF Extension: NoScript - C:\Users\Arne\AppData\Roaming\Mozilla\Firefox\Profiles\rhvx4y9h.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2012-10-24]
FF Extension: Soundcloud SUPER +2: Downloader and Recommender - C:\Users\Arne\AppData\Roaming\Mozilla\Firefox\Profiles\rhvx4y9h.default\Extensions\{988da70d-b78d-44a1-a9c7-ed11832a9e2e}.xpi [2012-12-19]
FF Extension: FootieFox - C:\Users\Arne\AppData\Roaming\Mozilla\Firefox\Profiles\rhvx4y9h.default\Extensions\{9fb7d178-155a-4318-9173-1a8eaaea7fe4}.xpi [2012-10-08]
FF Extension: Adblock Plus - C:\Users\Arne\AppData\Roaming\Mozilla\Firefox\Profiles\rhvx4y9h.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012-10-08]
FF HKLM-x32\...\Firefox\Extensions: [{28B041F9-242D-4DE0-9A19-A82C542ACFB0}] - C:\Windows\Installer\{8BDECB8E-FA78-41E5-937D-05B6C9651112}\{28B041F9-242D-4DE0-9A19-A82C542ACFB0}.xpi
FF Extension: No Name - C:\Windows\Installer\{8BDECB8E-FA78-41E5-937D-05B6C9651112}\{28B041F9-242D-4DE0-9A19-A82C542ACFB0}.xpi [2014-04-28]
FF HKCU\...\Firefox\Extensions: [{b5ad6039-a173-4149-9dcf-d04371526253}] - C:\Program Files (x86)\Lyrics_Monkey\131.xpi

Chrome: 
=======
CHR HomePage: hxxp://search.babylon.com/?affID=110823&tt=300912_TORP_4012_6&babsrc=HP_ss&mntrId=ee022286000000000000e4d53d42a5e7
CHR StartupUrls: "hxxp://www.google.com/ig/redirectdomain?brand=LENN&bmod=LENN", "https://www.bitcoin.de/de", "hxxp://www.gmx.net/", "hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=2912d6c9-cc4c-4f0c-9ff4-0903618a3c5a&searchtype=hp&fr=linkury-tb&installDate=11/05/2013&type=hp1000"
CHR DefaultSearchKeyword: ecosia.org
CHR DefaultSearchProvider: Ecosia
CHR DefaultSearchURL: hxxp://ecosia.org/search?q={searchTerms}&addon=opensearch
CHR DefaultNewTabURL: 
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll No File
CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll No File
CHR Plugin: (Java(TM) Platform SE 7 U21) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll No File
CHR Plugin: (VLC Web Plugin) - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Shockwave for Director) - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1202122.dll (Adobe Systems, Inc.)
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll No File
CHR Plugin: (Java Deployment Toolkit 7.0.210.11) - C:\Windows\SysWOW64\npDeployJava1.dll No File
CHR Extension: (Xmarks Bookmark Sync) - C:\Users\Arne\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajpgkpeckebdhofmmjfgcjjiiejpodla [2014-04-28]
CHR Extension: (Google Docs) - C:\Users\Arne\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-06-05]
CHR Extension: (Google Drive) - C:\Users\Arne\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-06-05]
CHR Extension: (Schalten Sie das Licht) - C:\Users\Arne\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfbmjmiodbnnpllbbbfblcplfjjepjdn [2014-04-28]
CHR Extension: (YouTube) - C:\Users\Arne\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-06-05]
CHR Extension: (Adblock Plus) - C:\Users\Arne\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2013-06-05]
CHR Extension: (Ecosia - Die Suchmaschine, die Bäume pflanzt) - C:\Users\Arne\AppData\Local\Google\Chrome\User Data\Default\Extensions\clellnciejhoedgepbdilbkdkaoecgpc [2014-04-28]
CHR Extension: (Hide My Ass! Web Proxy) - C:\Users\Arne\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmgnmcnlncejehjlnhaglpnoolgbflbd [2014-04-28]
CHR Extension: (Google-Suche) - C:\Users\Arne\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-06-05]
CHR Extension: (FeedSquares - Supercharge your Google Reader) - C:\Users\Arne\AppData\Local\Google\Chrome\User Data\Default\Extensions\ddkahgkblobiogkkeedfnjkldecloidi [2014-04-28]
CHR Extension: (Clock für Google Chrome ™) - C:\Users\Arne\AppData\Local\Google\Chrome\User Data\Default\Extensions\emakkfldeggiinnfcdjkakdfcppbfhdg [2014-04-28]
CHR Extension: (AdBlock) - C:\Users\Arne\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-04-28]
CHR Extension: (RSS Live Links) - C:\Users\Arne\AppData\Local\Google\Chrome\User Data\Default\Extensions\hcamnijgggppihioleoenjmlnakejdph [2014-04-28]
CHR Extension: (Evernote Snipping Tool ) - C:\Users\Arne\AppData\Local\Google\Chrome\User Data\Default\Extensions\hnmhpjbejpnnaffkpmebeagdiidibjfa [2013-11-12]
CHR Extension: (Clearly) - C:\Users\Arne\AppData\Local\Google\Chrome\User Data\Default\Extensions\iooicodkiihhpojmmeghjclgihfjdjhj [2013-06-05]
CHR Extension: (Evernote Web) - C:\Users\Arne\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbfehkoinhhcknnbdgnnmjhiladcgbol [2013-06-05]
CHR Extension: (Google Wallet) - C:\Users\Arne\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-04-28]
CHR Extension: (Download Protect) - C:\Users\Arne\AppData\Local\Google\Chrome\User Data\Default\Extensions\noknoogiiibmpoenlhpcllbmbncldhfa [2014-04-28]
CHR Extension: (Google Mail) - C:\Users\Arne\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-06-05]

==================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [430160 2014-04-29] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [430160 2014-04-29] (Avira Operations GmbH & Co. KG)
R2 SBSDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)

==================== Drivers (Whitelisted) ====================

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [112080 2014-04-29] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [130584 2014-04-29] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-11-19] (Avira Operations GmbH & Co. KG)
R3 hpnuhst; C:\Windows\System32\DRIVERS\hpnuhst.sys [16384 2007-03-27] (Hewlett-Packard Development Company)
R3 HPNUHUB; C:\Windows\System32\DRIVERS\hpnuhub.sys [40448 2007-10-30] (Hewlett-Packard Development Company)
R3 L1C; C:\Windows\System32\DRIVERS\L1C60x64.sys [75888 2012-09-03] (Atheros Communications, Inc.)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [381440 2013-12-17] (Duplex Secure Ltd.)
U3 ar62kwb2; C:\Windows\System32\Drivers\ar62kwb2.sys [0 ] (Advanced Micro Devices)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 SANDRA; \??\D:\Program Files\SiSoftware\SiSoftware Sandra Lite 2014.RTM\WNt500x64\Sandra.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-04-29 10:47 - 2014-04-29 10:48 - 00000000 ____D () C:\ProgramData\boost_interprocess
2014-04-29 10:21 - 2014-04-29 10:21 - 00001716 _____ () C:\Users\Arne\Desktop\JRT.txt
2014-04-29 10:15 - 2014-04-29 10:15 - 00000000 ____D () C:\Windows\ERUNT
2014-04-29 10:13 - 2014-04-29 10:13 - 00024412 _____ () C:\Users\Arne\Desktop\AdwCleaner[S0].txt
2014-04-29 10:07 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-04-29 10:06 - 2014-04-29 10:10 - 00000000 ____D () C:\AdwCleaner
2014-04-29 10:06 - 2014-04-29 10:06 - 00027383 _____ () C:\Users\Arne\Desktop\mbam.txt
2014-04-29 10:01 - 2014-04-29 10:11 - 00031432 _____ () C:\Windows\PFRO.log
2014-04-29 10:01 - 2014-04-29 10:11 - 00000112 _____ () C:\Windows\setupact.log
2014-04-29 10:01 - 2014-04-29 10:01 - 00000000 _____ () C:\Windows\setuperr.log
2014-04-29 09:38 - 2014-04-29 10:03 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-04-29 09:38 - 2014-04-29 09:38 - 00001105 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-04-29 09:38 - 2014-04-29 09:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-04-29 09:38 - 2014-04-29 09:38 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-04-29 09:38 - 2014-04-29 09:38 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-04-29 09:38 - 2014-04-03 09:51 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-04-29 09:38 - 2014-04-03 09:51 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-04-29 09:38 - 2014-04-03 09:50 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-04-29 09:37 - 2014-04-29 09:38 - 01016261 _____ (Thisisu) C:\Users\Arne\Desktop\JRT.exe
2014-04-29 09:36 - 2014-04-29 09:37 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\Arne\Desktop\mbam-setup-2.0.1.1004.exe
2014-04-29 09:30 - 2014-04-29 09:31 - 01310621 _____ () C:\Users\Arne\Desktop\adwcleaner.exe
2014-04-28 11:45 - 2014-04-28 11:45 - 00027112 _____ () C:\ComboFix.txt
2014-04-28 11:35 - 2014-04-28 11:45 - 00000000 ____D () C:\Qoobox
2014-04-28 11:35 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-04-28 11:35 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-04-28 11:35 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-04-28 11:35 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-04-28 11:35 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-04-28 11:35 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2014-04-28 11:35 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2014-04-28 11:35 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2014-04-28 11:34 - 2014-04-28 11:43 - 00000000 ____D () C:\Windows\erdnt
2014-04-28 11:24 - 2014-04-28 11:24 - 00001267 _____ () C:\Users\Arne\Desktop\Revo Uninstaller.lnk
2014-04-28 11:24 - 2014-04-28 11:24 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-04-28 11:23 - 2014-04-28 11:24 - 05196309 ____R (Swearware) C:\Users\Arne\Desktop\ComboFix.exe
2014-04-28 10:30 - 2014-04-28 10:30 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Arne\Desktop\revosetup95.exe
2014-04-28 09:38 - 2014-04-28 09:39 - 00036560 _____ () C:\Users\Arne\Desktop\Addition.txt
2014-04-28 09:37 - 2014-04-29 11:31 - 00023794 _____ () C:\Users\Arne\Desktop\FRST.txt
2014-04-28 09:37 - 2014-04-29 11:31 - 00000000 ____D () C:\FRST
2014-04-28 08:46 - 2014-04-28 08:46 - 02061824 _____ (Farbar) C:\Users\Arne\Desktop\FRST64.exe
2014-04-09 09:21 - 2014-01-24 04:37 - 01684928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2014-04-09 09:09 - 2014-03-04 11:44 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2014-04-09 09:09 - 2014-03-04 11:44 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2014-04-09 09:09 - 2014-03-04 11:44 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2014-04-09 09:09 - 2014-03-04 11:44 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2014-04-09 09:09 - 2014-03-04 11:44 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2014-04-09 09:09 - 2014-03-04 11:17 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2014-04-09 09:09 - 2014-03-04 11:16 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2014-04-09 09:09 - 2014-03-04 11:16 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2014-04-09 09:09 - 2014-03-04 11:16 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2014-04-09 09:09 - 2014-03-04 10:09 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2014-04-09 09:09 - 2014-03-04 10:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2014-04-09 09:07 - 2014-04-28 08:06 - 00000306 __RSH () C:\ProgramData\ntuser.pol
2014-04-04 17:36 - 2014-04-04 17:36 - 00002521 _____ () C:\Users\Public\Desktop\Freetec TubeBox.lnk
2014-04-04 17:36 - 2014-04-04 17:36 - 00000000 ____D () C:\Users\Arne\AppData\Roaming\dlg
2014-04-04 17:36 - 2014-04-04 17:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Freetec
2014-04-04 17:33 - 2014-04-04 17:33 - 00118784 _____ () C:\Windows\system32\winipsfc.exe
2014-04-04 17:32 - 2014-04-04 17:32 - 00000000 ____D () C:\Program Files (x86)\SparPilotAddon
2014-04-04 17:24 - 2014-04-04 17:27 - 00000000 ____D () C:\Users\Arne\AppData\Roaming\Security System 2

==================== One Month Modified Files and Folders =======

2014-04-29 11:31 - 2014-04-28 09:37 - 00023794 _____ () C:\Users\Arne\Desktop\FRST.txt
2014-04-29 11:31 - 2014-04-28 09:37 - 00000000 ____D () C:\FRST
2014-04-29 10:57 - 2013-04-02 14:35 - 00130584 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2014-04-29 10:57 - 2013-04-02 14:35 - 00112080 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2014-04-29 10:48 - 2014-04-29 10:47 - 00000000 ____D () C:\ProgramData\boost_interprocess
2014-04-29 10:21 - 2014-04-29 10:21 - 00001716 _____ () C:\Users\Arne\Desktop\JRT.txt
2014-04-29 10:20 - 2009-07-14 06:45 - 00015120 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-04-29 10:20 - 2009-07-14 06:45 - 00015120 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-04-29 10:15 - 2014-04-29 10:15 - 00000000 ____D () C:\Windows\ERUNT
2014-04-29 10:14 - 2012-11-07 17:15 - 00000000 ____D () C:\Users\Arne\AppData\Roaming\Dropbox
2014-04-29 10:13 - 2014-04-29 10:13 - 00024412 _____ () C:\Users\Arne\Desktop\AdwCleaner[S0].txt
2014-04-29 10:11 - 2014-04-29 10:01 - 00031432 _____ () C:\Windows\PFRO.log
2014-04-29 10:11 - 2014-04-29 10:01 - 00000112 _____ () C:\Windows\setupact.log
2014-04-29 10:10 - 2014-04-29 10:06 - 00000000 ____D () C:\AdwCleaner
2014-04-29 10:10 - 2013-05-21 12:49 - 00000000 ____D () C:\Windows\System32\Tasks\ProtectedSearch
2014-04-29 10:10 - 2013-05-21 12:49 - 00000000 ____D () C:\Windows\System32\Tasks\Browser Updater
2014-04-29 10:10 - 2012-09-03 22:22 - 01692259 _____ () C:\Windows\WindowsUpdate.log
2014-04-29 10:06 - 2014-04-29 10:06 - 00027383 _____ () C:\Users\Arne\Desktop\mbam.txt
2014-04-29 10:03 - 2014-04-29 09:38 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-04-29 10:02 - 2013-02-05 18:50 - 00000000 ____D () C:\Users\Arne\AppData\Local\Deployment
2014-04-29 10:02 - 2013-02-05 18:50 - 00000000 ____D () C:\Users\Arne\AppData\Local\Apps\2.0
2014-04-29 10:01 - 2014-04-29 10:01 - 00000000 _____ () C:\Windows\setuperr.log
2014-04-29 10:01 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\IME
2014-04-29 09:38 - 2014-04-29 09:38 - 00001105 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-04-29 09:38 - 2014-04-29 09:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-04-29 09:38 - 2014-04-29 09:38 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-04-29 09:38 - 2014-04-29 09:38 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-04-29 09:38 - 2014-04-29 09:37 - 01016261 _____ (Thisisu) C:\Users\Arne\Desktop\JRT.exe
2014-04-29 09:37 - 2014-04-29 09:36 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\Arne\Desktop\mbam-setup-2.0.1.1004.exe
2014-04-29 09:31 - 2014-04-29 09:30 - 01310621 _____ () C:\Users\Arne\Desktop\adwcleaner.exe
2014-04-28 11:45 - 2014-04-28 11:45 - 00027112 _____ () C:\ComboFix.txt
2014-04-28 11:45 - 2014-04-28 11:35 - 00000000 ____D () C:\Qoobox
2014-04-28 11:45 - 2009-07-14 05:20 - 00000000 __RHD () C:\Users\Default
2014-04-28 11:43 - 2014-04-28 11:34 - 00000000 ____D () C:\Windows\erdnt
2014-04-28 11:43 - 2009-07-14 04:34 - 00000215 _____ () C:\Windows\system.ini
2014-04-28 11:24 - 2014-04-28 11:24 - 00001267 _____ () C:\Users\Arne\Desktop\Revo Uninstaller.lnk
2014-04-28 11:24 - 2014-04-28 11:24 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-04-28 11:24 - 2014-04-28 11:23 - 05196309 ____R (Swearware) C:\Users\Arne\Desktop\ComboFix.exe
2014-04-28 10:30 - 2014-04-28 10:30 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Arne\Desktop\revosetup95.exe
2014-04-28 09:39 - 2014-04-28 09:38 - 00036560 _____ () C:\Users\Arne\Desktop\Addition.txt
2014-04-28 08:46 - 2014-04-28 08:46 - 02061824 _____ (Farbar) C:\Users\Arne\Desktop\FRST64.exe
2014-04-28 08:39 - 2013-11-08 19:56 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-04-28 08:06 - 2014-04-09 09:07 - 00000306 __RSH () C:\ProgramData\ntuser.pol
2014-04-28 08:00 - 2013-08-23 20:55 - 00000000 ____D () C:\Windows\system32\MRT
2014-04-28 07:56 - 2012-09-04 00:20 - 90655440 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-04-10 19:00 - 2013-06-05 10:38 - 00002178 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-04-10 09:43 - 2009-07-14 19:58 - 00699666 _____ () C:\Windows\system32\perfh007.dat
2014-04-10 09:43 - 2009-07-14 19:58 - 00149774 _____ () C:\Windows\system32\perfc007.dat
2014-04-10 09:43 - 2009-07-14 07:13 - 01620612 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-04-09 09:07 - 2009-07-14 05:20 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2014-04-06 12:49 - 2009-07-14 06:45 - 00311320 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-04-06 12:48 - 2012-09-04 09:16 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-04-06 12:48 - 2012-09-04 09:16 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-04-06 12:35 - 2012-09-04 09:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-04-04 17:36 - 2014-04-04 17:36 - 00002521 _____ () C:\Users\Public\Desktop\Freetec TubeBox.lnk
2014-04-04 17:36 - 2014-04-04 17:36 - 00000000 ____D () C:\Users\Arne\AppData\Roaming\dlg
2014-04-04 17:36 - 2014-04-04 17:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Freetec
2014-04-04 17:36 - 2012-10-10 17:02 - 00000000 ____D () C:\ProgramData\Package Cache
2014-04-04 17:33 - 2014-04-04 17:33 - 00118784 _____ () C:\Windows\system32\winipsfc.exe
2014-04-04 17:32 - 2014-04-04 17:32 - 00000000 ____D () C:\Program Files (x86)\SparPilotAddon
2014-04-04 17:27 - 2014-04-04 17:24 - 00000000 ____D () C:\Users\Arne\AppData\Roaming\Security System 2
2014-04-03 09:51 - 2014-04-29 09:38 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-04-03 09:51 - 2014-04-29 09:38 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-04-03 09:50 - 2014-04-29 09:38 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-03-31 09:35 - 2012-09-03 23:22 - 00270496 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe

Some content of TEMP:
====================
C:\Users\Arne\AppData\Local\Temp\avgnt.exe
C:\Users\Arne\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-09-07 11:42

==================== End Of Log ============================
         
--- --- ---

30.04.2014, 23:03   #8
schrauber
/// the machine
/// TB-Ausbilder

Download Protect 2.20 cannot be removed

ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start ESET Online Scanner
  • Tick the box next to "Yes, I accept the Terms of Use" and click Start.
  • Enable "Detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded; the scan starts automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Locate C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstallation: Control Panel => Software / Uninstall programs => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset


Please download SecurityCheck and:

  • Save it to the desktop.
  • Start SecurityCheck.exe and follow the instructions in the DOS box.
  • When the scan has finished, a text document (checkup.txt) should open.
Please post its contents here.

And a fresh FRST log, please. Any problems left?
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009

No help via PM!

02.05.2014, 06:01   #9
MarshallMath

Download Protect 2.20 cannot be removed



Code:
ESETSmartInstaller@High as downloader log:
Can not open internetESETSmartInstaller@High as downloader log:
Can not open internetCan not open internetESETSmartInstaller@High as downloader log:
Can not open internetCan not open internetESETSmartInstaller@High as downloader log:
Can not open internetCan not open internetESETSmartInstaller@High as downloader log:
Can not open internetCan not open internetESETSmartInstaller@High as downloader log:
Can not open internetCan not open internetESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=6ecac7d4497b1f4d86de1aa637e53c68
# engine=18096
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-05-01 08:55:40
# local_time=2014-05-01 10:55:40 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1799 16775165 100 96 18368 264357830 11110 0
# compatibility_mode=5893 16776573 100 94 75477 150564390 0 0
# scanned=225624
# found=2
# cleaned=0
# scan_time=16051
sh=012AE7E3389548A664C5519DA0E0706552785CD4 ft=1 fh=ee6e82168d86a290 vn="Win32/AdWare.1ClickDownload.AR Anwendung" ac=I fn="C:\Users\Arne\AppData\Local\Google\Chrome\User Data\Default\File System\003\t\00\00000000"
sh=0000000000000000000000000000000000000000 ft=- fh=0000000000000000 vn="Variante von Win32/Packed.VMProtect.AAA Trojaner" ac=I fn="H:\Spiele\Die Siedler 7\rzr-set7.iso"
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=6ecac7d4497b1f4d86de1aa637e53c68
# engine=18102
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-05-01 05:19:50
# local_time=2014-05-01 07:19:50 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1799 16775165 100 96 254 264388080 0 0
# compatibility_mode=5893 16776573 100 94 105727 150594640 0 0
# scanned=377
# found=0
# cleaned=0
# scan_time=42
         


Code:
 Results of screen317's Security Check version 0.99.82  
 Windows 7 Service Pack 1 x64 (UAC is disabled!)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
Avira Desktop   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:````````` 
 Spybot - Search & Destroy 
 Java 7 Update 51  
 Java version out of Date! 
  Adobe Flash Player 11.9.900.152 Flash Player out of Date!  
 Adobe Reader 10.1.4 Adobe Reader out of Date!  
 Mozilla Firefox (25.0) 
 Google Chrome 34.0.1847.116  
 Google Chrome 34.0.1847.131  
 Google Chrome wtsapi32.dll..  
````````Process Check: objlist.exe by Laurent````````  
 Spybot Teatimer.exe is disabled! 
 Avira Antivir avgnt.exe 
 Avira Antivir avguard.exe 
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  
````````````````````End of Log``````````````````````
         


FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 27-04-2014
Ran by Arne (administrator) on ARNE-LT on 01-05-2014 19:55:31
Running from C:\Users\Arne\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(AMD) C:\Windows\system32\atiesrxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(TomTom) C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
(Safer Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(AMD) C:\Windows\system32\atieclxx.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Atheros Communications) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Spotify Ltd) C:\Users\Arne\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Audible, Inc.) C:\Program Files (x86)\Audible\Bin\AudibleDownloadHelper.exe
(Dropbox, Inc.) C:\Users\Arne\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Geek Software GmbH) D:\Program Files (x86)\PDF24\pdf24.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMworker.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12503184 2012-06-11] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1212560 2012-06-13] (Realtek Semiconductor)
HKLM\...\Run: [AtherosBtStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [615584 2011-01-20] (Atheros Communications)
HKLM\...\Run: [AthBtTray] => C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe [379552 2011-01-20] (Atheros Commnucations)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2280232 2010-07-29] (Synaptics Incorporated)
HKLM\...\Run: [Acer ePower Management] => C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [860040 2010-10-29] (Acer Incorporated)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [283160 2011-01-12] (Intel Corporation)
HKLM-x32\...\Run: [LManager] => C:\Program Files (x86)\Launch Manager\LManager.exe [1025616 2012-09-03] (Dritek System Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-12] (Apple Inc.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [336384 2011-06-13] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [737360 2014-04-29] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [PDFPrint] => D:\Program Files (x86)\PDF24\pdf24.exe [162856 2013-02-19] (Geek Software GmbH)
HKLM-x32\...\Run: [BrMfcWnd] => C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe [1163264 2012-09-25] ()
HKLM-x32\...\Run: [ControlCenter3] => C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe [114688 2008-12-24] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-02-21] (Apple Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3025636346-100433202-2293546944-1000\...\Run: [Spotify Web Helper] => C:\Users\Arne\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1171968 2014-03-05] (Spotify Ltd)
HKU\S-1-5-21-3025636346-100433202-2293546944-1000\...\Run: [Wunderlist] => C:\Users\Arne\AppData\Local\Apps\2.0\X6KLWTQC.92T\71K9O604.LH1\wund..tion_45ec1bcecca77a53_0002.0000_8bd0285384bbd56f\Wunderlist.exe [6880768 2013-02-05] (6 Wunderkinder GmbH)
HKU\S-1-5-21-3025636346-100433202-2293546944-1000\...\Run: [DAEMON Tools Lite] => D:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3675352 2013-10-28] (Disc Soft Ltd)
HKU\S-1-5-21-3025636346-100433202-2293546944-1000\...\Run: [Driver Operating Service] => C:\Users\Arne\AppData\Local\Apps\2.0\X6KLWTQC.92T\71K9O604.LH1\dros..tion_0000000000000000_0001.0000_b7335b782fe9a0ac\Driver Operating Service.appref-ms
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Audible Download Manager.lnk
ShortcutTarget: Audible Download Manager.lnk -> C:\Program Files (x86)\Audible\Bin\AudibleDownloadHelper.exe (Audible, Inc.)
Startup: C:\Users\Arne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Arne\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x48ACA9D9C724CE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search
BHO: ExplorerBHO Class - {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: ExplorerBHO Class - {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: CIESpeechBHO Class - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.10.10

FireFox:
========
FF ProfilePath: C:\Users\Arne\AppData\Roaming\Mozilla\Firefox\Profiles\rhvx4y9h.default
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_152.dll ()
FF Plugin: @java.com/DTPlugin,version=10.21.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.21.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_152.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1202122.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.6 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: No Name - C:\Users\Arne\AppData\Roaming\Mozilla\Firefox\Profiles\rhvx4y9h.default\Extensions\security@protegere.org [2014-04-28]
FF Extension: YouTube Unblocker - C:\Users\Arne\AppData\Roaming\Mozilla\Firefox\Profiles\rhvx4y9h.default\Extensions\youtubeunblocker@unblocker.yt [2013-12-02]
FF Extension: ReminderFox - C:\Users\Arne\AppData\Roaming\Mozilla\Firefox\Profiles\rhvx4y9h.default\Extensions\{ada4b710-8346-4b82-8199-5de2b400a6ae} [2013-12-02]
FF Extension: Evernote Web Clipper - C:\Users\Arne\AppData\Roaming\Mozilla\Firefox\Profiles\rhvx4y9h.default\Extensions\{E0B8C461-F8FB-49b4-8373-FE32E9252800} [2014-04-28]
FF Extension: InvisibleHand - C:\Users\Arne\AppData\Roaming\Mozilla\Firefox\Profiles\rhvx4y9h.default\Extensions\canitbecheaper@trafficbroker.co.uk.xpi [2012-10-08]
FF Extension: Ciuvo - C:\Users\Arne\AppData\Roaming\Mozilla\Firefox\Profiles\rhvx4y9h.default\Extensions\extension@ciuvo.com.xpi [2012-10-08]
FF Extension: leethax.net extension - C:\Users\Arne\AppData\Roaming\Mozilla\Firefox\Profiles\rhvx4y9h.default\Extensions\leethax@leethax.net.xpi [2013-01-28]
FF Extension: Clearly - C:\Users\Arne\AppData\Roaming\Mozilla\Firefox\Profiles\rhvx4y9h.default\Extensions\readable@evernote.com.xpi [2012-10-26]
FF Extension: NoScript - C:\Users\Arne\AppData\Roaming\Mozilla\Firefox\Profiles\rhvx4y9h.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2012-10-24]
FF Extension: Soundcloud SUPER +2: Downloader and Recommender - C:\Users\Arne\AppData\Roaming\Mozilla\Firefox\Profiles\rhvx4y9h.default\Extensions\{988da70d-b78d-44a1-a9c7-ed11832a9e2e}.xpi [2012-12-19]
FF Extension: FootieFox - C:\Users\Arne\AppData\Roaming\Mozilla\Firefox\Profiles\rhvx4y9h.default\Extensions\{9fb7d178-155a-4318-9173-1a8eaaea7fe4}.xpi [2012-10-08]
FF Extension: Adblock Plus - C:\Users\Arne\AppData\Roaming\Mozilla\Firefox\Profiles\rhvx4y9h.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012-10-08]
FF HKLM-x32\...\Firefox\Extensions: [{28B041F9-242D-4DE0-9A19-A82C542ACFB0}] - C:\Windows\Installer\{8BDECB8E-FA78-41E5-937D-05B6C9651112}\{28B041F9-242D-4DE0-9A19-A82C542ACFB0}.xpi
FF Extension: No Name - C:\Windows\Installer\{8BDECB8E-FA78-41E5-937D-05B6C9651112}\{28B041F9-242D-4DE0-9A19-A82C542ACFB0}.xpi [2014-04-28]
FF HKCU\...\Firefox\Extensions: [{b5ad6039-a173-4149-9dcf-d04371526253}] - C:\Program Files (x86)\Lyrics_Monkey\131.xpi

Chrome: 
=======
CHR HomePage: hxxp://search.babylon.com/?affID=110823&tt=300912_TORP_4012_6&babsrc=HP_ss&mntrId=ee022286000000000000e4d53d42a5e7
CHR StartupUrls: "hxxp://www.google.com/ig/redirectdomain?brand=LENN&bmod=LENN", "https://www.bitcoin.de/de", "hxxp://www.gmx.net/", "hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=2912d6c9-cc4c-4f0c-9ff4-0903618a3c5a&searchtype=hp&fr=linkury-tb&installDate=11/05/2013&type=hp1000"
CHR DefaultSearchKeyword: ecosia.org
CHR DefaultSearchProvider: Ecosia
CHR DefaultSearchURL: hxxp://ecosia.org/search?q={searchTerms}&addon=opensearch
CHR DefaultNewTabURL: 
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll No File
CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll No File
CHR Plugin: (Java(TM) Platform SE 7 U21) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll No File
CHR Plugin: (VLC Web Plugin) - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Shockwave for Director) - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1202122.dll (Adobe Systems, Inc.)
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll No File
CHR Plugin: (Java Deployment Toolkit 7.0.210.11) - C:\Windows\SysWOW64\npDeployJava1.dll No File
CHR Extension: (Xmarks Bookmark Sync) - C:\Users\Arne\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajpgkpeckebdhofmmjfgcjjiiejpodla [2014-04-28]
CHR Extension: (Google Docs) - C:\Users\Arne\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-06-05]
CHR Extension: (Google Drive) - C:\Users\Arne\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-06-05]
CHR Extension: (Schalten Sie das Licht) - C:\Users\Arne\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfbmjmiodbnnpllbbbfblcplfjjepjdn [2014-04-28]
CHR Extension: (YouTube) - C:\Users\Arne\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-06-05]
CHR Extension: (Adblock Plus) - C:\Users\Arne\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2013-06-05]
CHR Extension: (Ecosia - Die Suchmaschine, die Bäume pflanzt) - C:\Users\Arne\AppData\Local\Google\Chrome\User Data\Default\Extensions\clellnciejhoedgepbdilbkdkaoecgpc [2014-04-28]
CHR Extension: (Hide My Ass! Web Proxy) - C:\Users\Arne\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmgnmcnlncejehjlnhaglpnoolgbflbd [2014-04-28]
CHR Extension: (Google-Suche) - C:\Users\Arne\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-06-05]
CHR Extension: (FeedSquares - Supercharge your Google Reader) - C:\Users\Arne\AppData\Local\Google\Chrome\User Data\Default\Extensions\ddkahgkblobiogkkeedfnjkldecloidi [2014-04-28]
CHR Extension: (Clock für Google Chrome ™) - C:\Users\Arne\AppData\Local\Google\Chrome\User Data\Default\Extensions\emakkfldeggiinnfcdjkakdfcppbfhdg [2014-04-28]
CHR Extension: (AdBlock) - C:\Users\Arne\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-04-28]
CHR Extension: (RSS Live Links) - C:\Users\Arne\AppData\Local\Google\Chrome\User Data\Default\Extensions\hcamnijgggppihioleoenjmlnakejdph [2014-04-28]
CHR Extension: (Evernote Snipping Tool ) - C:\Users\Arne\AppData\Local\Google\Chrome\User Data\Default\Extensions\hnmhpjbejpnnaffkpmebeagdiidibjfa [2013-11-12]
CHR Extension: (Clearly) - C:\Users\Arne\AppData\Local\Google\Chrome\User Data\Default\Extensions\iooicodkiihhpojmmeghjclgihfjdjhj [2013-06-05]
CHR Extension: (Evernote Web) - C:\Users\Arne\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbfehkoinhhcknnbdgnnmjhiladcgbol [2013-06-05]
CHR Extension: (Google Wallet) - C:\Users\Arne\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-04-28]
CHR Extension: (Download Protect) - C:\Users\Arne\AppData\Local\Google\Chrome\User Data\Default\Extensions\noknoogiiibmpoenlhpcllbmbncldhfa [2014-04-28]
CHR Extension: (Google Mail) - C:\Users\Arne\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-06-05]

==================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [430160 2014-04-29] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [430160 2014-04-29] (Avira Operations GmbH & Co. KG)
R2 SBSDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)

==================== Drivers (Whitelisted) ====================

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [112080 2014-04-29] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [130584 2014-04-29] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-11-19] (Avira Operations GmbH & Co. KG)
R3 hpnuhst; C:\Windows\System32\DRIVERS\hpnuhst.sys [16384 2007-03-27] (Hewlett-Packard Development Company)
R3 HPNUHUB; C:\Windows\System32\DRIVERS\hpnuhub.sys [40448 2007-10-30] (Hewlett-Packard Development Company)
R3 L1C; C:\Windows\System32\DRIVERS\L1C60x64.sys [75888 2012-09-03] (Atheros Communications, Inc.)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [381440 2013-12-17] (Duplex Secure Ltd.)
U3 anv5fybr; C:\Windows\System32\Drivers\anv5fybr.sys [0 ] (Microsoft Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 SANDRA; \??\D:\Program Files\SiSoftware\SiSoftware Sandra Lite 2014.RTM\WNt500x64\Sandra.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-05-01 19:50 - 2014-05-01 19:50 - 00855379 _____ () C:\Users\Arne\Desktop\SecurityCheck.exe
2014-05-01 11:17 - 2014-05-01 11:17 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-05-01 06:21 - 2014-05-01 06:21 - 02347384 _____ (ESET) C:\Users\Arne\Desktop\esetsmartinstaller_deu.exe
2014-05-01 05:52 - 2014-03-06 12:21 - 23549440 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-01 05:52 - 2014-03-06 11:32 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-01 05:52 - 2014-03-06 11:31 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-05-01 05:52 - 2014-03-06 11:19 - 17387008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-01 05:52 - 2014-03-06 10:59 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-05-01 05:52 - 2014-03-06 10:57 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-05-01 05:52 - 2014-03-06 10:57 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-05-01 05:52 - 2014-03-06 10:53 - 02767360 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-05-01 05:52 - 2014-03-06 10:40 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-05-01 05:52 - 2014-03-06 10:39 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-05-01 05:52 - 2014-03-06 10:32 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-05-01 05:52 - 2014-03-06 10:32 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-05-01 05:52 - 2014-03-06 10:29 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-05-01 05:52 - 2014-03-06 10:29 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-05-01 05:52 - 2014-03-06 10:28 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-05-01 05:52 - 2014-03-06 10:15 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-05-01 05:52 - 2014-03-06 10:11 - 05784064 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-05-01 05:52 - 2014-03-06 10:09 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-05-01 05:52 - 2014-03-06 10:03 - 00586240 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-05-01 05:52 - 2014-03-06 10:02 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-05-01 05:52 - 2014-03-06 10:02 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-05-01 05:52 - 2014-03-06 10:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-05-01 05:52 - 2014-03-06 09:56 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-05-01 05:52 - 2014-03-06 09:48 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-05-01 05:52 - 2014-03-06 09:47 - 02178048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-05-01 05:52 - 2014-03-06 09:46 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-05-01 05:52 - 2014-03-06 09:46 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-05-01 05:52 - 2014-03-06 09:45 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-05-01 05:52 - 2014-03-06 09:42 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-05-01 05:52 - 2014-03-06 09:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-05-01 05:52 - 2014-03-06 09:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-05-01 05:52 - 2014-03-06 09:36 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-05-01 05:52 - 2014-03-06 09:22 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-05-01 05:52 - 2014-03-06 09:21 - 00628736 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-05-01 05:52 - 2014-03-06 09:13 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-05-01 05:52 - 2014-03-06 09:11 - 02043904 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-05-01 05:52 - 2014-03-06 09:07 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-05-01 05:52 - 2014-03-06 09:01 - 00244224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-05-01 05:52 - 2014-03-06 08:53 - 13551104 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-05-01 05:52 - 2014-03-06 08:46 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-05-01 05:52 - 2014-03-06 08:40 - 01967104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-05-01 05:52 - 2014-03-06 08:36 - 11745792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-05-01 05:52 - 2014-03-06 08:22 - 02260480 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-05-01 05:52 - 2014-03-06 07:58 - 01400832 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-05-01 05:52 - 2014-03-06 07:50 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-05-01 05:52 - 2014-03-06 07:43 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-05-01 05:52 - 2014-03-06 07:41 - 01789440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-05-01 05:52 - 2014-03-06 07:36 - 01143808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-04-30 13:49 - 2014-04-14 04:24 - 00465408 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-04-30 13:49 - 2014-04-14 04:19 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-04-29 10:47 - 2014-05-02 06:37 - 00000000 ____D () C:\ProgramData\boost_interprocess
2014-04-29 10:21 - 2014-04-29 10:21 - 00001716 _____ () C:\Users\Arne\Desktop\JRT.txt
2014-04-29 10:15 - 2014-04-29 10:15 - 00000000 ____D () C:\Windows\ERUNT
2014-04-29 10:13 - 2014-04-29 10:13 - 00024412 _____ () C:\Users\Arne\Desktop\AdwCleaner[S0].txt
2014-04-29 10:07 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-04-29 10:06 - 2014-04-29 10:10 - 00000000 ____D () C:\AdwCleaner
2014-04-29 10:06 - 2014-04-29 10:06 - 00027383 _____ () C:\Users\Arne\Desktop\mbam.txt
2014-04-29 10:01 - 2014-05-01 11:19 - 00031790 _____ () C:\Windows\PFRO.log
2014-04-29 10:01 - 2014-05-01 11:19 - 00000168 _____ () C:\Windows\setupact.log
2014-04-29 10:01 - 2014-04-29 10:01 - 00000000 _____ () C:\Windows\setuperr.log
2014-04-29 09:38 - 2014-04-29 10:03 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-04-29 09:38 - 2014-04-29 09:38 - 00001105 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-04-29 09:38 - 2014-04-29 09:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-04-29 09:38 - 2014-04-29 09:38 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-04-29 09:38 - 2014-04-29 09:38 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-04-29 09:38 - 2014-04-03 09:51 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-04-29 09:38 - 2014-04-03 09:51 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-04-29 09:38 - 2014-04-03 09:50 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-04-29 09:37 - 2014-04-29 09:38 - 01016261 _____ (Thisisu) C:\Users\Arne\Desktop\JRT.exe
2014-04-29 09:36 - 2014-04-29 09:37 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\Arne\Desktop\mbam-setup-2.0.1.1004.exe
2014-04-29 09:30 - 2014-04-29 09:31 - 01310621 _____ () C:\Users\Arne\Desktop\adwcleaner.exe
2014-04-28 11:45 - 2014-04-28 11:45 - 00027112 _____ () C:\ComboFix.txt
2014-04-28 11:35 - 2014-04-28 11:45 - 00000000 ____D () C:\Qoobox
2014-04-28 11:35 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-04-28 11:35 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-04-28 11:35 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-04-28 11:35 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-04-28 11:35 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-04-28 11:35 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2014-04-28 11:35 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2014-04-28 11:35 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2014-04-28 11:34 - 2014-04-28 11:43 - 00000000 ____D () C:\Windows\erdnt
2014-04-28 11:24 - 2014-04-28 11:24 - 00001267 _____ () C:\Users\Arne\Desktop\Revo Uninstaller.lnk
2014-04-28 11:24 - 2014-04-28 11:24 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-04-28 11:23 - 2014-04-28 11:24 - 05196309 ____R (Swearware) C:\Users\Arne\Desktop\ComboFix.exe
2014-04-28 10:30 - 2014-04-28 10:30 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Arne\Desktop\revosetup95.exe
2014-04-28 09:38 - 2014-04-28 09:39 - 00036560 _____ () C:\Users\Arne\Desktop\Addition.txt
2014-04-28 09:37 - 2014-05-01 19:55 - 00023959 _____ () C:\Users\Arne\Desktop\FRST.txt
2014-04-28 09:37 - 2014-05-01 19:55 - 00000000 ____D () C:\FRST
2014-04-28 08:46 - 2014-04-28 08:46 - 02061824 _____ (Farbar) C:\Users\Arne\Desktop\FRST64.exe
2014-04-09 09:21 - 2014-01-24 04:37 - 01684928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2014-04-09 09:15 - 2014-02-04 04:35 - 00274880 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msiscsi.sys
2014-04-09 09:15 - 2014-02-04 04:35 - 00190912 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys
2014-04-09 09:15 - 2014-02-04 04:35 - 00027584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Diskdump.sys
2014-04-09 09:15 - 2014-02-04 04:28 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\iologmsg.dll
2014-04-09 09:15 - 2014-02-04 04:00 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iologmsg.dll
2014-04-09 09:09 - 2014-03-04 11:44 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2014-04-09 09:09 - 2014-03-04 11:44 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2014-04-09 09:09 - 2014-03-04 11:44 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2014-04-09 09:09 - 2014-03-04 11:44 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2014-04-09 09:09 - 2014-03-04 11:44 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2014-04-09 09:09 - 2014-03-04 11:17 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2014-04-09 09:09 - 2014-03-04 11:16 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2014-04-09 09:09 - 2014-03-04 11:16 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2014-04-09 09:09 - 2014-03-04 11:16 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2014-04-09 09:09 - 2014-03-04 10:09 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2014-04-09 09:09 - 2014-03-04 10:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2014-04-09 09:07 - 2014-04-28 08:06 - 00000306 __RSH () C:\ProgramData\ntuser.pol
2014-04-04 17:36 - 2014-04-04 17:36 - 00002521 _____ () C:\Users\Public\Desktop\Freetec TubeBox.lnk
2014-04-04 17:36 - 2014-04-04 17:36 - 00000000 ____D () C:\Users\Arne\AppData\Roaming\dlg
2014-04-04 17:36 - 2014-04-04 17:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Freetec
2014-04-04 17:33 - 2014-04-04 17:33 - 00118784 _____ () C:\Windows\system32\winipsfc.exe
2014-04-04 17:32 - 2014-04-04 17:32 - 00000000 ____D () C:\Program Files (x86)\SparPilotAddon
2014-04-04 17:24 - 2014-05-01 19:21 - 00000000 ____D () C:\Users\Arne\AppData\Roaming\Security System 2

==================== One Month Modified Files and Folders =======

2014-05-02 06:56 - 2014-04-28 09:37 - 00023959 _____ () C:\Users\Arne\Desktop\FRST.txt
2014-05-02 06:37 - 2014-04-29 10:47 - 00000000 ____D () C:\ProgramData\boost_interprocess
2014-05-01 19:55 - 2014-04-28 09:37 - 00000000 ____D () C:\FRST
2014-05-01 19:50 - 2014-05-01 19:50 - 00855379 _____ () C:\Users\Arne\Desktop\SecurityCheck.exe
2014-05-01 19:21 - 2014-04-04 17:24 - 00000000 ____D () C:\Users\Arne\AppData\Roaming\Security System 2
2014-05-01 19:17 - 2012-11-07 17:15 - 00000000 ____D () C:\Users\Arne\AppData\Roaming\Dropbox
2014-05-01 19:16 - 2012-09-03 22:22 - 01274636 _____ () C:\Windows\WindowsUpdate.log
2014-05-01 11:25 - 2009-07-14 06:45 - 00015120 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-05-01 11:25 - 2009-07-14 06:45 - 00015120 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-05-01 11:19 - 2014-04-29 10:01 - 00031790 _____ () C:\Windows\PFRO.log
2014-05-01 11:19 - 2014-04-29 10:01 - 00000168 _____ () C:\Windows\setupact.log
2014-05-01 11:17 - 2014-05-01 11:17 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-05-01 11:17 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-05-01 06:21 - 2014-05-01 06:21 - 02347384 _____ (ESET) C:\Users\Arne\Desktop\esetsmartinstaller_deu.exe
2014-05-01 06:07 - 2009-07-14 19:58 - 00699666 _____ () C:\Windows\system32\perfh007.dat
2014-05-01 06:07 - 2009-07-14 19:58 - 00149774 _____ () C:\Windows\system32\perfc007.dat
2014-05-01 06:07 - 2009-07-14 07:13 - 01620612 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-04-30 14:36 - 2013-06-05 10:38 - 00002178 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-04-29 10:57 - 2013-04-02 14:35 - 00130584 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2014-04-29 10:57 - 2013-04-02 14:35 - 00112080 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2014-04-29 10:21 - 2014-04-29 10:21 - 00001716 _____ () C:\Users\Arne\Desktop\JRT.txt
2014-04-29 10:15 - 2014-04-29 10:15 - 00000000 ____D () C:\Windows\ERUNT
2014-04-29 10:13 - 2014-04-29 10:13 - 00024412 _____ () C:\Users\Arne\Desktop\AdwCleaner[S0].txt
2014-04-29 10:10 - 2014-04-29 10:06 - 00000000 ____D () C:\AdwCleaner
2014-04-29 10:10 - 2013-05-21 12:49 - 00000000 ____D () C:\Windows\System32\Tasks\ProtectedSearch
2014-04-29 10:10 - 2013-05-21 12:49 - 00000000 ____D () C:\Windows\System32\Tasks\Browser Updater
2014-04-29 10:06 - 2014-04-29 10:06 - 00027383 _____ () C:\Users\Arne\Desktop\mbam.txt
2014-04-29 10:03 - 2014-04-29 09:38 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-04-29 10:02 - 2013-02-05 18:50 - 00000000 ____D () C:\Users\Arne\AppData\Local\Deployment
2014-04-29 10:02 - 2013-02-05 18:50 - 00000000 ____D () C:\Users\Arne\AppData\Local\Apps\2.0
2014-04-29 10:01 - 2014-04-29 10:01 - 00000000 _____ () C:\Windows\setuperr.log
2014-04-29 10:01 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\IME
2014-04-29 09:38 - 2014-04-29 09:38 - 00001105 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-04-29 09:38 - 2014-04-29 09:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-04-29 09:38 - 2014-04-29 09:38 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-04-29 09:38 - 2014-04-29 09:38 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-04-29 09:38 - 2014-04-29 09:37 - 01016261 _____ (Thisisu) C:\Users\Arne\Desktop\JRT.exe
2014-04-29 09:37 - 2014-04-29 09:36 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\Arne\Desktop\mbam-setup-2.0.1.1004.exe
2014-04-29 09:31 - 2014-04-29 09:30 - 01310621 _____ () C:\Users\Arne\Desktop\adwcleaner.exe
2014-04-28 11:45 - 2014-04-28 11:45 - 00027112 _____ () C:\ComboFix.txt
2014-04-28 11:45 - 2014-04-28 11:35 - 00000000 ____D () C:\Qoobox
2014-04-28 11:45 - 2009-07-14 05:20 - 00000000 __RHD () C:\Users\Default
2014-04-28 11:43 - 2014-04-28 11:34 - 00000000 ____D () C:\Windows\erdnt
2014-04-28 11:43 - 2009-07-14 04:34 - 00000215 _____ () C:\Windows\system.ini
2014-04-28 11:24 - 2014-04-28 11:24 - 00001267 _____ () C:\Users\Arne\Desktop\Revo Uninstaller.lnk
2014-04-28 11:24 - 2014-04-28 11:24 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-04-28 11:24 - 2014-04-28 11:23 - 05196309 ____R (Swearware) C:\Users\Arne\Desktop\ComboFix.exe
2014-04-28 10:30 - 2014-04-28 10:30 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Arne\Desktop\revosetup95.exe
2014-04-28 09:39 - 2014-04-28 09:38 - 00036560 _____ () C:\Users\Arne\Desktop\Addition.txt
2014-04-28 08:46 - 2014-04-28 08:46 - 02061824 _____ (Farbar) C:\Users\Arne\Desktop\FRST64.exe
2014-04-28 08:39 - 2013-11-08 19:56 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-04-28 08:06 - 2014-04-09 09:07 - 00000306 __RSH () C:\ProgramData\ntuser.pol
2014-04-28 08:00 - 2013-08-23 20:55 - 00000000 ____D () C:\Windows\system32\MRT
2014-04-28 07:56 - 2012-09-04 00:20 - 90655440 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-04-14 04:24 - 2014-04-30 13:49 - 00465408 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-04-14 04:19 - 2014-04-30 13:49 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-04-09 09:07 - 2009-07-14 05:20 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2014-04-06 12:49 - 2009-07-14 06:45 - 00311320 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-04-06 12:48 - 2012-09-04 09:16 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-04-06 12:48 - 2012-09-04 09:16 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-04-06 12:35 - 2012-09-04 09:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-04-04 17:36 - 2014-04-04 17:36 - 00002521 _____ () C:\Users\Public\Desktop\Freetec TubeBox.lnk
2014-04-04 17:36 - 2014-04-04 17:36 - 00000000 ____D () C:\Users\Arne\AppData\Roaming\dlg
2014-04-04 17:36 - 2014-04-04 17:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Freetec
2014-04-04 17:36 - 2012-10-10 17:02 - 00000000 ____D () C:\ProgramData\Package Cache
2014-04-04 17:33 - 2014-04-04 17:33 - 00118784 _____ () C:\Windows\system32\winipsfc.exe
2014-04-04 17:32 - 2014-04-04 17:32 - 00000000 ____D () C:\Program Files (x86)\SparPilotAddon
2014-04-03 09:51 - 2014-04-29 09:38 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-04-03 09:51 - 2014-04-29 09:38 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-04-03 09:50 - 2014-04-29 09:38 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys

Some content of TEMP:
====================
C:\Users\Arne\AppData\Local\Temp\avgnt.exe
C:\Users\Arne\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-09-07 11:42

==================== End Of Log ============================
         

02.05.2014, 16:57   #10
schrauber
/// the machine
/// TB trainer


Update Java, Flash and Adobe.

Please press the Windows key + R and type notepad into the Run window.

Now copy the following text from the code box into the empty text document:

Code:
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
         

Please save it as Fixlist.txt on your desktop (or in the directory where FRST is located).
  • Now start FRST again and click the "Entfernen" (Fix) button.
  • The tool creates a Fixlog.txt.
  • Post its contents for me.





Done

The order is crucial here.
  1. If Defogger was used: start Defogger again and click re-enable.
  2. If Combofix was used: (alternatively, rename it to uninstall.exe and run it)
    • Windows key + R > type Combofix /Uninstall > OK
    • Alternative: rename Combofix.exe to uninstall.exe and run it
    • Combofix will now start, possibly update itself, and then remove all remnants of itself.
  3. In any case, please download DelFix to your desktop:
    • Close all open programs.
    • Start delfix.exe with a double-click.
    • Put a check mark in front of every function.
    • Click Start.
    • Note: DelFix removes, among other things, all the programs used, the quarantine of our scanners and the Java cache, and finally deletes itself.
    • Finally, restart your computer.
  4. If any programs from our cleanup are still left now, you can delete them without hesitation.



If you would like to give praise or criticism, you can do so here

Here are a few more tips for securing your system.


I cannot mention often enough how important it is that your system is up to date.
  • Please check whether your system downloads Windows updates automatically
  • Windows Updates
    • Windows XP: Start --> Control Panel --> double-click Automatic Updates
    • Windows Vista / 7: Start --> Control Panel --> System and Security --> Turn automatic updating on or off
  • Make sure that automatic updates are enabled.
  • Software updates
    Installed software can also have security vulnerabilities that malware can use to infect your system.
    To keep your installed software up to date, I recommend Secunia Online Software.


Antivirus software
  • Make sure you always have antivirus software installed and that it is up to date. It is useless if it is out of date.


Additional protection
  • MalwareBytes Anti Malware
    This is one of the best anti-malware tools on the market. It is an on-demand scan tool that detects and also removes a lot of current malware.
    Update the tool and run it once a week. The paid version additionally offers a background guard.
    You can find a tutorial on how to use it here.
  • WinPatrol
    This software takes a snapshot of your system and warns you of any changes. Download the freeware version from here.


Safe browsing
  • SpywareBlaster
    You can find a short introduction here
  • MVPs hosts file
    You can find a tutorial here. Unfortunately I have not found a German-language one so far.
  • WOT (Web of trust)
    This add-on warns you before you visit a site that has been reported as harmful.


Alternative browsers

Other browsers tend to be somewhat more secure than IE, since they do not use ActiveX elements. These can be abused by spyware to infect your system.
  • Opera
  • Mozilla Firefox.
    • Note: For this browser I have a few useful add-ons here
    • NoScript
      This add-on blocks JavaScript, Java and Flash and other plugins. They are only executed when you confirm it.
    • AdblockPlus
      This add-on blocks most ads by itself. A right-click on a banner to add it to AdBlockPlus is enough, and it will no longer be loaded.
      It also saves download capacity.

Performance
Clean up your temp files regularly. I recommend TFC for this.
Stay away from any registry cleaners.
They harm your system more than they help. Here are a few (English) links
Miekemoes Blogspot ( MVP )
Bill Castner ( MVP )



Don'ts
  • Do not click on everything just because it prompts you to and is nice and colorful.
  • Do not use peer-to-peer or file-sharing software (Emule, uTorrent, ...)
  • Keep your hands off cracks, keygens, serials or other illegal software.
  • Do not open attachments from emails unknown to you. Pay particular attention to the file extension, e.g. deinFoto.jpg.exe
Now all that remains is for me to wish you lots of fun surfing safely.

Note: Please give me brief feedback once everything is done and there are no more questions, so that I can remove this thread from my subscriptions.
__________________
regards,
schrauber

Proud Member of UNITE and ASAP since 2009

Donate
Guides and help
Trojaner-Board Facebook page

No help via PM!

05.05.2014, 19:03   #11
MarshallMath

Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 05-05-2014
Ran by Arne at 2014-05-05 20:02:22 Run:1
Running from C:\Users\Arne\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION

*****************

C:\Windows\system32\GroupPolicy\Machine => Moved successfully.
C:\Windows\system32\GroupPolicy\GPT.ini => Moved successfully.


The system needed a reboot. 

==== End of Fixlog ====
         

Also, many thanks for the work you put in! My computer now runs quite a bit better
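
Added example, not part of the original posts and not FRST's own code: the Fixlog above shows FRST moving C:\Windows\system32\GroupPolicy\Machine, the folder in which Windows keeps the local machine policy file Registry.pol. The Python below parses that file format and lists the Chrome policy values it contains, so the policy can be reviewed before or after such a fix. The sample bytes, the extension ID and the URLs are constructed, and the thread does not show which Chrome policy was actually set on this machine; ExtensionInstallForcelist is used as an assumed illustration.

```python
import struct

PREG_SIGNATURE = b"PReg"          # file magic of Registry.pol
REG_SZ, REG_DWORD = 1, 4          # registry value types handled here
CHROME_POLICY_ROOT = "software\\policies\\google\\chrome"


def _expect(blob, pos, char):
    """Consume one UTF-16LE delimiter character and return the new offset."""
    if blob[pos:pos + 2] != char.encode("utf-16-le"):
        raise ValueError(f"expected {char!r} at offset {pos}")
    return pos + 2


def _read_wstr(blob, pos):
    """Read a NUL-terminated UTF-16LE string; return (text, offset after NUL)."""
    end = pos
    while blob[end:end + 2] != b"\x00\x00":
        if end + 2 > len(blob):
            raise ValueError("unterminated string")
        end += 2
    return blob[pos:end].decode("utf-16-le"), end + 2


def _read_dword(blob, pos):
    if pos + 4 > len(blob):
        raise ValueError("truncated DWORD")
    return struct.unpack_from("<I", blob, pos)[0], pos + 4


def _decode(reg_type, raw):
    if reg_type == REG_SZ:
        return raw.decode("utf-16-le").rstrip("\x00")
    if reg_type == REG_DWORD and len(raw) == 4:
        return struct.unpack("<I", raw)[0]
    return raw.hex()              # other types: show the raw bytes


def parse_registry_pol(blob):
    """Return a list of (key, value_name, reg_type, decoded_data) tuples."""
    if blob[:4] != PREG_SIGNATURE:
        raise ValueError("not a Registry.pol file (missing PReg signature)")
    version, pos = _read_dword(blob, 4)
    if version != 1:
        raise ValueError(f"unsupported version {version}")
    entries = []
    while pos < len(blob):        # each entry: [key;value;type;size;data]
        pos = _expect(blob, pos, "[")
        key, pos = _read_wstr(blob, pos)
        pos = _expect(blob, pos, ";")
        name, pos = _read_wstr(blob, pos)
        pos = _expect(blob, pos, ";")
        reg_type, pos = _read_dword(blob, pos)
        pos = _expect(blob, pos, ";")
        size, pos = _read_dword(blob, pos)
        pos = _expect(blob, pos, ";")
        raw = blob[pos:pos + size]
        if len(raw) != size:
            raise ValueError("entry data runs past end of file")
        pos = _expect(blob, pos + size, "]")
        entries.append((key, name, reg_type, _decode(reg_type, raw)))
    return entries


def chrome_policies(entries):
    """Keep only values under Software\\Policies\\Google\\Chrome."""
    return [e for e in entries if e[0].lower().startswith(CHROME_POLICY_ROOT)]


def forced_extensions(entries):
    """Extension IDs listed under the ExtensionInstallForcelist policy key."""
    ids = []
    for key, _name, reg_type, data in chrome_policies(entries):
        if key.lower().endswith("\\extensioninstallforcelist") and reg_type == REG_SZ:
            ids.append(data.split(";", 1)[0])   # value is "<id>;<update url>"
    return ids


def _entry(key, name, reg_type, raw):
    """Serialize one entry; only used to build the constructed sample."""
    w = lambda s: s.encode("utf-16-le")
    return (w("[") + w(key + "\x00") + w(";") + w(name + "\x00") + w(";")
            + struct.pack("<I", reg_type) + w(";")
            + struct.pack("<I", len(raw)) + w(";") + raw + w("]"))


# Constructed sample file: two Chrome policy values and one unrelated value.
SAMPLE_POL = (
    PREG_SIGNATURE + struct.pack("<I", 1)
    + _entry("Software\\Policies\\Google\\Chrome\\ExtensionInstallForcelist", "1", REG_SZ,
             ("a" * 32 + ";https://updates.example.invalid/crx\x00").encode("utf-16-le"))
    + _entry("Software\\Policies\\Google\\Chrome", "HomepageLocation", REG_SZ,
             "https://search.example.invalid/\x00".encode("utf-16-le"))
    + _entry("Software\\Policies\\Microsoft\\Windows\\WindowsUpdate\\AU", "NoAutoUpdate",
             REG_DWORD, struct.pack("<I", 0))
)

if __name__ == "__main__":
    for key, name, reg_type, data in chrome_policies(parse_registry_pol(SAMPLE_POL)):
        print(f"{key}\\{name} (type {reg_type}) = {data}")
```

On a real system the input would be the bytes of Registry.pol from the GroupPolicy\Machine folder (or from the copy a cleanup tool moved aside), read with open(path, "rb").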

06.05.2014, 16:20   #12
schrauber
/// the machine
/// TB trainer

You're welcome
