Hallo liebe Leute vom Trojaner-Board.

Ich habe hier ein Problem auf meinem Rechner (Windows 7) und hoffe, dass ihr schlauen Köpfe mir helfen könnt. Mein Outlook funktioniert nicht mehr (stellt keine Verbindung zum Internet her) und beim Öffnen von Chrome kommt als Startseite immer diese trovi.com Seite. Ich habe gelesen, dass das wohl ein Trojaner sei. Ich weiß aber nicht, ob das auch für mein Outlook-Problem gilt. Ich habe mir von Winzip den angeblich "kostenlosen" Maleware Protector herunter geladen, der mir 74 Infektionen auf dem Rechner gefunden...

Kann mir jemand sagen, was ich da machen kann? Ich kenne mich wirklich null aus und brauche eine Schritt für Schritt Anleitung!

Würde mich über Hilfe riesig freuen!


Liebe Grüße,
Sandra


PS: Vielleicht hilft ja das log von dem Maleware Protector Programm?

Aus der logdatei:

<?xml version="1.0" encoding="utf-8" standalone="yes"?><?xml-stylesheet type='text/xsl' href='C:\ProgramData\Nico Mak Computing\WinZip Malware Protector\log.xslt'?><info><LangStrings><string1>Datum der Überprüfung</string1><string2>Datenbankversion</string2><string3>Gefundene Elemente insgesamt</string3><string4>Überprüfte Objekte:</string4><string5>Abgelaufene Zeit:</string5><string6>Name</string6><string7>Gefundene Elemente</string7><string8>Name der Infektion</string8><string9>Kategorie</string9><string10>Bedrohungsstufe</string10><string11>Durchgeführte Aktion</string11><string12>Elemente gefunden</string12><string13>Gefundener Bereich</string13><string14>Details</string14><string15>Dateiname</string15><string16>MD5</string16><string17>Signatur</string17><string18>Registrierungsschlüssel</string18><string19>Keine Infektionen entdeckt.</string19><string20 /></LangStrings><loginfo><date>04.06.2014 09:31:21</date><key /><istrial>True</istrial><system>SPIELZEUGKISTE6|192.168.2.102|D4-3D-7E-DF-38-04</system><scantype>QuickScan</scantype><os>Windows 7 64 Bit, Version : Microsoft Windows NT 6.1.7601 Service Pack 1</os><dbversion>1824</dbversion><time>00:07:25</time><objectscanned>276349</objectscanned><objectfound>74</objectfound><cultureinfo>German (Germany)</cultureinfo><version>2.1.1000.10798</version></loginfo><companyinfo><companyname>Nico Mak Computing</companyname><productname>WinZip Malware Protector</productname><copyright>© 2013 WinZip International LLC. All rights reserved.</copyright></companyinfo><log logdate="Mittwoch, 4. Juni 2014" databaseversion="1824" objectscanned="276349" timeelapsed="00:07:25"><SerializableDictionaryOfStringListOfcFoundItems><Item><Key><string>pup.optional</string></Key><Value><ArrayOfFI><FI><C>Potentially Unwanted Application</C><TL>High</TL><AP>NoActionTaken</AP><ActionToPerform>None</ActionToPerform><FT>Md5</FT><V1>c:\users\spielzeugkiste\appdata\local\microsoft\windows\temporary internet files\content.ie5\dew01snp\sp-downloader[1].exe</V1><V2>13542014118651716426</V2><V3>0</V3><V4>9fb9d49c2db7edd1084ab765d619f5c6</V4><V5>4191506481026745088|CN=Conduit Ltd., OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Conduit Ltd., L=Ness Ziona, S=Israel, C=IL</V5><WSS>None</WSS><PID>false</PID><CMP>Setup</CMP><DV>c:\users\spielzeugkiste\appdata\local\microsoft\windows\temporary internet files\content.ie5\dew01snp\sp-downloader[1].exe</DV><FA>FileSystem</FA><RBT>None</RBT><ID>224995</ID></FI><FI><C>Potentially Unwanted Application</C><TL>High</TL><AP>NoActionTaken</AP><ActionToPerform>None</ActionToPerform><FT>Md5</FT><V1>c:\users\spielzeugkiste\appdata\local\microsoft\windows\temporary internet files\content.ie5\vp4xgcr1\wajam_download[1].exe</V1><V2>9571083419376551450</V2><V3>0</V3><V4>cdc339910694fd0c5befaac38261cd06</V4><V5>8836006376396468299|CN=Super Downloads, O=Super Downloads, STREET="4115, boul. St-Laurent", L=Montreal, S=Quebec, PostalCode=H2W 1Y7, C=CA</V5><WSS>None</WSS><PID>false</PID><CMP>Setup</CMP><DV>c:\users\spielzeugkiste\appdata\local\microsoft\windows\temporary internet files\content.ie5\vp4xgcr1\wajam_download[1].exe</DV><FA>FileSystem</FA><RBT>None</RBT><ID>224995</ID></FI><FI><C>Potentially Unwanted Application</C><TL>High</TL><AP>NoActionTaken</AP><ActionToPerform>None</ActionToPerform><FT>Md5</FT><V1>c:\users\spielzeugkiste\downloads\dtlite4491-0356.exe</V1><V2>540936020168585518</V2><V3>0</V3><V4>0fa6cd1de96bde0431c1c91904f6d040</V4><V5>3648150783343392679|E=finpr@disc-soft.com, CN=Disc Soft Ltd, O=Disc Soft Ltd, L=Belize city, S=Belize, C=BZ</V5><WSS>None</WSS><PID>false</PID><CMP>Setup</CMP><DV>c:\users\spielzeugkiste\downloads\dtlite4491-0356.exe</DV><FA>FileSystem</FA><RBT>None</RBT><ID>224995</ID></FI><FI><C>Potentially Unwanted Application</C><TL>High</TL><AP>NoActionTaken</AP><ActionToPerform>None</ActionToPerform><FT>FilePaths</FT><V1>c:\program files (x86)\searchprotect\ui\bin\cltmngui.exe</V1><V2>0</V2><V3>1867419253719798889</V3><V4>e08bdcb2af67b0117fb34cf030f1e0ab</V4><V5>16695408316607162588|CN=ClientConnect LTD, OU=Digital ID Class 3 - Microsoft Software Validation v2, OU=Search Protect, O=ClientConnect LTD, L=Ness Ziona, S=Israel, C=IL</V5><WSS>None</WSS><PID>false</PID><CMP>NotPacked</CMP><DV>c:\program files (x86)\searchprotect\ui\bin\cltmngui.exe</DV><FA>FileSystem</FA><RBT>None</RBT><ID>224995</ID></FI><FI><C>Potentially Unwanted Application</C><TL>High</TL><AP>NoActionTaken</AP><ActionToPerform>None</ActionToPerform><FT>FilePaths</FT><V1>c:\program files (x86)\searchprotect\main\bin\cltmngsvc.exe</V1><V2>0</V2><V3>9165669024270240022</V3><V4>cb963faf704f22473375856e3c2fcde3</V4><V5>16695408316607162588|CN=ClientConnect LTD, OU=Digital ID Class 3 - Microsoft Software Validation v2, OU=Search Protect, O=ClientConnect LTD, L=Ness Ziona, S=Israel, C=IL</V5><WSS>None</WSS><PID>false</PID><CMP>NotPacked</CMP><DV>c:\program files (x86)\searchprotect\main\bin\cltmngsvc.exe</DV><FA>FileSystem</FA><RBT>None</RBT><ID>224995</ID></FI><FI><C>Potentially Unwanted Application</C><TL>High</TL><AP>NoActionTaken</AP><ActionToPerform>None</ActionToPerform><FT>FilePaths</FT><V1>c:\program files (x86)\searchprotect\main\bin\sptool.dll</V1><V2>0</V2><V3>2817149121034960714</V3><V4>7c1b2daee1d399955b979c0559fcea0b</V4><V5>16695408316607162588|CN=ClientConnect LTD, OU=Digital ID Class 3 - Microsoft Software Validation v2, OU=Search Protect, O=ClientConnect LTD, L=Ness Ziona, S=Israel, C=IL</V5><WSS>None</WSS><PID>false</PID><CMP>NotPacked</CMP><DV>c:\program files (x86)\searchprotect\main\bin\sptool.dll</DV><FA>FileSystem</FA><RBT>None</RBT><ID>224995</ID></FI><FI><C>Potentially Unwanted Application</C><TL>High</TL><AP>NoActionTaken</AP><ActionToPerform>None</ActionToPerform><FT>FilePaths</FT><V1>c:\program files (x86)\searchprotect\main\bin\uninstall.exe</V1><V2>12196602830783144949</V2><V3>0</V3><V4>6b5b9dce3f762732273c76c3b99cb3ed</V4><V5>16695408316607162588|CN=ClientConnect LTD, OU=Digital ID Class 3 - Microsoft Software Validation v2, OU=Search Protect, O=ClientConnect LTD, L=Ness Ziona, S=Israel, C=IL</V5><WSS>None</WSS><PID>false</PID><CMP>NotPacked</CMP><DV>c:\program files (x86)\searchprotect\main\bin\uninstall.exe</DV><FA>FileSystem</FA><RBT>None</RBT><ID>224995</ID></FI><FI><C>Potentially Unwanted Application</C><TL>High</TL><AP>NoActionTaken</AP><ActionToPerform>None</ActionToPerform><FT>FilePaths</FT><V1>c:\program files (x86)\searchprotect\searchprotect\bin\cltmng.exe</V1><V2>0</V2><V3>10005665891648556639</V3><V4>59f0fab281ee4cc5a7aeebbeaf8d0cd8</V4><V5>16695408316607162588|CN=ClientConnect LTD, OU=Digital ID Class 3 - Microsoft Software Validation v2, OU=Search Protect, O=ClientConnect LTD, L=Ness Ziona, S=Israel, C=IL</V5><WSS>None</WSS><PID>false</PID><CMP>NotPacked</CMP><DV>c:\program files (x86)\searchprotect\searchprotect\bin\cltmng.exe</DV><FA>FileSystem</FA><RBT>None</RBT><ID>224995</ID></FI><FI><C>Potentially Unwanted Application</C><TL>High</TL><AP>NoActionTaken</AP><ActionToPerform>None</ActionToPerform><FT>FilePaths</FT><V1>c:\program files (x86)\searchprotect\searchprotect\bin\sptool64.exe</V1><V2>0</V2><V3>7001589678159849964</V3><V4>032596169d267577db6ba2e783f623f3</V4><V5>16695408316607162588|CN=ClientConnect LTD, OU=Digital ID Class 3 - Microsoft Software Validation v2, OU=Search Protect, O=ClientConnect LTD, L=Ness Ziona, S=Israel, C=IL</V5><WSS>None</WSS><PID>false</PID><CMP>NotPacked</CMP><DV>c:\program files (x86)\searchprotect\searchprotect\bin\sptool64.exe</DV><FA>FileSystem</FA><RBT>None</RBT><ID>224995</ID></FI><FI><C>Potentially Unwanted Application</C><TL>High</TL><AP>NoActionTaken</AP><ActionToPerform>None</ActionToPerform><FT>FilePaths</FT><V1>c:\program files (x86)\searchprotect\searchprotect\bin\spvc32.dll</V1><V2>0</V2><V3>13077810802415517986</V3><V4>75bff03e5b9b743d50dbad619dde063f</V4><V5>16695408316607162588|CN=ClientConnect LTD, OU=Digital ID Class 3 - Microsoft Software Validation v2, OU=Search Protect, O=ClientConnect LTD, L=Ness Ziona, S=Israel, C=IL</V5><WSS>None</WSS><PID>false</PID><CMP>NotPacked</CMP><DV>c:\program files (x86)\searchprotect\searchprotect\bin\spvc32.dll</DV><FA>FileSystem</FA><RBT>None</RBT><ID>224995</ID></FI><FI><C>Potentially Unwanted Application</C><TL>High</TL><AP>NoActionTaken</AP><ActionToPerform>None</ActionToPerform><FT>FilePaths</FT><V1>c:\program files (x86)\searchprotect\searchprotect\bin\spvc32loader.dll</V1><V2>0</V2><V3>17602909255633350204</V3><V4>9bbffb20f6a65214b52df4b714a711bc</V4><V5>16695408316607162588|CN=ClientConnect LTD, OU=Digital ID Class 3 - Microsoft Software Validation v2, OU=Search Protect, O=ClientConnect LTD, L=Ness Ziona, S=Israel, C=IL</V5><WSS>None</WSS><PID>false</PID><CMP>NotPacked</CMP><DV>c:\program files (x86)\searchprotect\searchprotect\bin\spvc32loader.dll</DV><FA>FileSystem</FA><RBT>None</RBT><ID>224995</ID></FI><FI><C>Potentially Unwanted Application</C><TL>High</TL><AP>NoActionTaken</AP><ActionToPerform>None</ActionToPerform><FT>FilePaths</FT><V1>c:\program files (x86)\searchprotect\searchprotect\bin\spvc64.dll</V1><V2>0</V2><V3>8464737301211597023</V3><V4>e03013f23abac432b699b499b983a427</V4><V5>16695408316607162588|CN=ClientConnect LTD, OU=Digital ID Class 3 - Microsoft Software Validation v2, OU=Search Protect, O=ClientConnect LTD, L=Ness Ziona, S=Israel, C=IL</V5><WSS>None</WSS><PID>false</PID><CMP>NotPacked</CMP><DV>c:\program files (x86)\searchprotect\searchprotect\bin\spvc64.dll</DV><FA>FileSystem</FA><RBT>None</RBT><ID>224995</ID></FI><FI><C>Potentially Unwanted Application</C><TL>High</TL><AP>NoActionTaken</AP><ActionToPerform>None</ActionToPerform><FT>FilePaths</FT><V1>c:\program files (x86)\searchprotect\searchprotect\bin\spvc64loader.dll</V1><V2>0</V2><V3>18418320366788650449</V3><V4>9d34c62ac86d6f9e110dc94dd93cd072</V4><V5>16695408316607162588|CN=ClientConnect LTD, OU=Digital ID Class 3 - Microsoft Software Validation v2, OU=Search Protect, O=ClientConnect LTD, L=Ness Ziona, S=Israel, C=IL</V5><WSS>None</WSS><PID>false</PID><CMP>NotPacked</CMP><DV>c:\program files (x86)\searchprotect\searchprotect\bin\spvc64loader.dll</DV><FA>FileSystem</FA><RBT>None</RBT><ID>224995</ID></FI><FI><C>Potentially Unwanted Application</C><TL>High</TL><AP>NoActionTaken</AP><ActionToPerform>None</ActionToPerform><FT>FilePaths</FT><V1>c:\users\spielzeugkiste\appdata\local\searchprotect\searchprotect\rep\userrepository.dat</V1><V2>0</V2><V3>0</V3><V4>235301cffb91891a828313549ca2c4a9</V4><V5>0|</V5><WSS>None</WSS><PID>false</PID><CMP>NotPacked</CMP><DV>c:\users\spielzeugkiste\appdata\local\searchprotect\searchprotect\rep\userrepository.dat</DV><FA>FileSystem</FA><RBT>None</RBT><ID>224995</ID></FI><FI><C>Potentially Unwanted Application</C><TL>High</TL><AP>NoActionTaken</AP><ActionToPerform>None</ActionToPerform><FT>FilePaths</FT><V1>c:\users\spielzeugkiste\appdata\local\searchprotect\searchprotect\rep\usersettings.dat</V1><V2>0</V2><V3>0</V3><V4>3cea543465042e1e52ac404c0b227b58</V4><V5>0|</V5><WSS>None</WSS><PID>false</PID><CMP>NotPacked</CMP><DV>c:\users\spielzeugkiste\appdata\local\searchprotect\searchprotect\rep\usersettings.dat</DV><FA>FileSystem</FA><RBT>None</RBT><ID>224995</ID></FI><FI><C>Potentially Unwanted Application</C><TL>High</TL><AP>NoActionTaken</AP><ActionToPerform>None</ActionToPerform><FT>FilePaths</FT><V1>c:\users\spielzeugkiste\appdata\local\searchprotect\ui\rep\uirepository.dat</V1><V2>0</V2><V3>0</V3><V4>22eb70ecbd8e34bef345b50b7039cf7b</V4><V5>0|</V5><WSS>None</WSS><PID>false</PID><CMP>NotPacked</CMP><DV>c:\users\spielzeugkiste\appdata\local\searchprotect\ui\rep\uirepository.dat</DV><FA>FileSystem</FA><RBT>None</RBT><ID>224995</ID></FI><FI><C>Potentially Unwanted Application</C><TL>High</TL><AP>NoActionTaken</AP><ActionToPerform>None</ActionToPerform><FT>Registry</FT><V1>hkey_current_user</V1><V2>software\microsoft\internet explorer\searchscopes\{014db5fa-eafb-4592-a95b-f44d3ee87fa9}</V2><V3 /><WSS>None</WSS><PID>true</PID><CMP>NotPacked</CMP><DV /><FA>Registry</FA><RBT>None</RBT><ID>224995</ID></FI><FI><C>Potentially Unwanted Application</C><TL>High</TL><AP>NoActionTaken</AP><ActionToPerform>None</ActionToPerform><FT>Registry</FT><V1>hkey_current_user</V1><V2>software\microsoft\internet explorer\searchscopes\{014db5fa-eafb-4592-a95b-f44d3ee87fa9}</V2><V3>url</V3><WSS>None</WSS><PID>false</PID><CMP>NotPacked</CMP><DV /><FA>Registry</FA><RBT>None</RBT><ID>0</ID></FI><FI><C>Potentially Unwanted Application</C><TL>High</TL><AP>NoActionTaken</AP><ActionToPerform>None</ActionToPerform><FT>Registry</FT><V1>hkey_current_user</V1><V2>software\microsoft\internet explorer\searchscopes\{014db5fa-eafb-4592-a95b-f44d3ee87fa9}</V2><V3>suggestionsurl_json</V3><WSS>None</WSS><PID>false</PID><CMP>NotPacked</CMP><DV /><FA>Registry</FA><RBT>None</RBT><ID>0</ID></FI><FI><C>Potentially Unwanted Application</C><TL>High</TL><AP>NoActionTaken</AP><ActionToPerform>None</ActionToPerform><FT>Registry</FT><V1>hkey_current_user</V1><V2>software\microsoft\internet explorer\searchscopes\{014db5fa-eafb-4592-a95b-f44d3ee87fa9}</V2><V3>displayname</V3><WSS>None</WSS><PID>false</PID><CMP>NotPacked</CMP><DV /><FA>Registry</FA><RBT>None</RBT><ID>0</ID></FI><FI><C>Potentially Unwanted Application</C><TL>High</TL><AP>NoActionTaken</AP><ActionToPerform>None</ActionToPerform><FT>Registry</FT><V1>hkey_current_user</V1><V2>software\microsoft\internet explorer\searchscopes\{014db5fa-eafb-4592-a95b-f44d3ee87fa9}</V2><V3>showsearchsuggestions</V3><WSS>None</WSS><PID>false</PID><CMP>NotPacked</CMP><DV /><FA>Registry</FA><RBT>None</RBT><ID>0</ID></FI><FI><C>Potentially Unwanted Application</C><TL>High</TL><AP>NoActionTaken</AP><ActionToPerform>None</ActionToPerform><FT>Registry</FT><V1>hkey_current_user</V1><V2>software\microsoft\internet explorer\searchscopes\{014db5fa-eafb-4592-a95b-f44d3ee87fa9}</V2><V3>deleted</V3><WSS>None</WSS><PID>false</PID><CMP>NotPacked</CMP><DV /><FA>Registry</FA><RBT>None</RBT><ID>0</ID></FI><FI><C>Potentially Unwanted Application</C><TL>High</TL><AP>NoActionTaken</AP><ActionToPerform>None</ActionToPerform><FT>Registry</FT><V1>hkey_current_user</V1><V2>software\wajam</V2><V3 /><WSS>None</WSS><PID>true</PID><CMP>NotPacked</CMP><DV /><FA>Registry</FA><RBT>None</RBT><ID>224995</ID></FI><FI><C>Potentially Unwanted Application</C><TL>High</TL><AP>NoActionTaken</AP><ActionToPerform>None</ActionToPerform><FT>Registry</FT><V1>hkey_current_user</V1><V2>software\wajam</V2><V3>unique_id</V3><WSS>None</WSS><PID>false</PID><CMP>NotPacked</CMP><DV /><FA>Registry</FA><RBT>None</RBT><ID>0</ID></FI><FI><C>Potentially Unwanted Application</C><TL>High</TL><AP>NoActionTaken</AP><ActionToPerform>None</ActionToPerform><FT>Registry</FT><V1>hkey_current_user</V1><V2>software\wajam</V2><V3>affiliate_id</V3><WSS>None</WSS><PID>false</PID><CMP>NotPacked</CMP><DV /><FA>Registry</FA><RBT>None</RBT><ID>0</ID></FI><FI><C>Potentially Unwanted Application</C><TL>High</TL><AP>NoActionTaken</AP><ActionToPerform>None</ActionToPerform><FT>Registry</FT><V1>hkey_local_machine</V1><V2>software\classes\typelib\{f126c9fc-9299-40f2-bd42-c59023ad1e7f}\1.0\0\win32</V2><V3 /><WSS>None</WSS><PID>true</PID><CMP>NotPacked</CMP><DV /><FA>Registry</FA><RBT>None</RBT><ID>224995</ID></FI><FI><C>Potentially Unwanted Application</C><TL>High</TL><AP>NoActionTaken</AP><ActionToPerform>None</ActionToPerform><FT>Registry</FT><V1>hkey_local_machine</V1><V2>software\classes\typelib\{f126c9fc-9299-40f2-bd42-c59023ad1e7f}\1.0\0</V2><V3 /><WSS>None</WSS><PID>true</PID><CMP>NotPacked</CMP><DV /><FA>Registry</FA><RBT>None</RBT><ID>224995</ID></FI><FI><C>Potentially Unwanted Application</C><TL>High</TL><AP>NoActionTaken</AP><ActionToPerform>None</ActionToPerform><FT>Registry</FT><V1>hkey_local_machine</V1><V2>software\classes\typelib\{f126c9fc-9299-40f2-bd42-c59023ad1e7f}\1.0\flags</V2><V3 /><WSS>None</WSS><PID>true</PID><CMP>NotPacked</CMP><DV /><FA>Registry</FA><RBT>None</RBT><ID>224995</ID></FI><FI><C>Potentially Unwanted Application</C><TL>High</TL><AP>NoActionTaken</AP><ActionToPerform>None</ActionToPerform><FT>Registry</FT><V1>hkey_local_machine</V1><V2>software\classes\typelib\{f126c9fc-9299-40f2-bd42-c59023ad1e7f}\1.0\helpdir</V2><V3 /><WSS>None</WSS><PID>true</PID><CMP>NotPacked</CMP><DV /><FA>Registry</FA><RBT>None</RBT><ID>224995</ID></FI><FI><C>Potentially Unwanted Application</C><TL>High</TL><AP>NoActionTaken</AP><ActionToPerform>None</ActionToPerform><FT>Registry</FT><V1>hkey_local_machine</V1><V2>software\classes\typelib\{f126c9fc-9299-40f2-bd42-c59023ad1e7f}\1.0</V2><V3 /><WSS>None</WSS><PID>true</PID><CMP>NotPacked</CMP><DV /><FA>Registry</FA><RBT>None</RBT><ID>224995</ID></FI><FI><C>Potentially Unwanted Application</C><TL>High</TL><AP>NoActionTaken</AP><ActionToPerform>None</ActionToPerform><FT>Registry</FT><V1>hkey_local_machine</V1><V2>software\classes\typelib\{f126c9fc-9299-40f2-bd42-c59023ad1e7f}</V2><V3 /><WSS>None</WSS><PID>true</PID><CMP>NotPacked</CMP><DV /><FA>Registry</FA><RBT>None</RBT><ID>224995</ID></FI><FI><C>Potentially Unwanted Application</C><TL>High</TL><AP>NoActionTaken</AP><ActionToPerform>None</ActionToPerform><FT>Registry</FT><V1>hkey_local_machine</V1><V2>software\microsoft\windows\currentversion\uninstall\searchprotect</V2><V3 /><WSS>None</WSS><PID>true</PID><CMP>NotPacked</CMP><DV /><FA>Registry</FA><RBT>None</RBT><ID>224995</ID></FI><FI><C>Potentially Unwanted Application</C><TL>High</TL><AP>NoActionTaken</AP><ActionToPerform>None</ActionToPerform><FT>Registry</FT><V1>hkey_local_machine</V1><V2>software\microsoft\windows\currentversion\uninstall\searchprotect</V2><V3>displayname</V3><WSS>None</WSS><PID>false</PID><CMP>NotPacked</CMP><DV /><FA>Registry</FA><RBT>None</RBT><ID>0</ID></FI><FI><C>Potentially Unwanted Application</C><TL>High</TL><AP>NoActionTaken</AP><ActionToPerform>None</ActionToPerform><FT>Registry</FT><V1>hkey_local_machine</V1><V2>software\microsoft\windows\currentversion\uninstall\searchprotect</V2><V3>displayicon</V3><WSS>None</WSS><PID>false</PID><CMP>NotPacked</CMP><DV /><FA>Registry</FA><RBT>None</RBT><ID>0</ID></FI><FI><C>Potentially Unwanted Application</C><TL>High</TL><AP>NoActionTaken</AP><ActionToPerform>None</ActionToPerform><FT>Registry</FT><V1>hkey_local_machine</V1><V2>software\microsoft\windows\currentversion\uninstall\searchprotect</V2><V3>displayversion</V3><WSS>None</WSS><PID>false</PID><CMP>NotPacked</CMP><DV /><FA>Registry</FA><RBT>None</RBT><ID>0</ID></FI><FI><C>Potentially Unwanted Application</C><TL>High</TL><AP>NoActionTaken</AP><ActionToPerform>None</ActionToPerform><FT>Registry</FT><V1>hkey_local_machine</V1><V2>software\microsoft\windows\currentversion\uninstall\searchprotect</V2><V3>publisher</V3><WSS>None</WSS><PID>false</PID><CMP>NotPacked</CMP><DV /><FA>Registry</FA><RBT>None</RBT><ID>0</ID></FI><FI><C>Potentially Unwanted Application</C><TL>High</TL><AP>NoActionTaken</AP><ActionToPerform>None</ActionToPerform><FT>Registry</FT><V1>hkey_local_machine</V1><V2>software\microsoft\windows\currentversion\uninstall\searchprotect</V2><V3>uninstallstring</V3><WSS>None</WSS><PID>false</PID><CMP>NotPacked</CMP><DV /><FA>Registry</FA><RBT>None</RBT><ID>0</ID></FI><FI><C>Potentially Unwanted Application</C><TL>High</TL><AP>NoActionTaken</AP><ActionToPerform>None</ActionToPerform><FT>Registry</FT><V1>hkey_local_machine</V1><V2>software\microsoft\windows\currentversion\uninstall\wajam</V2><V3 /><WSS>None</WSS><PID>true</PID><CMP>NotPacked</CMP><DV /><FA>Registry</FA><RBT>None</RBT><ID>224995</ID></FI><FI><C>Potentially Unwanted Application</C><TL>High</TL><AP>NoActionTaken</AP><ActionToPerform>None</ActionToPerform><FT>Registry</FT><V1>hkey_local_machine</V1><V2>software\microsoft\windows\currentversion\uninstall\wajam</V2><V3>displayname</V3><WSS>None</WSS><PID>false</PID><CMP>NotPacked</CMP><DV /><FA>Registry</FA><RBT>None</RBT><ID>0</ID></FI><FI><C>Potentially Unwanted Application</C><TL>High</TL><AP>NoActionTaken</AP><ActionToPerform>None</ActionToPerform><FT>Registry</FT><V1>hkey_local_machine</V1><V2>software\microsoft\windows\currentversion\uninstall\wajam</V2><V3>displayicon</V3><WSS>None</WSS><PID>false</PID><CMP>NotPacked</CMP><DV /><FA>Registry</FA><RBT>None</RBT><ID>0</ID></FI><FI><C>Potentially Unwanted Application</C><TL>High</TL><AP>NoActionTaken</AP><ActionToPerform>None</ActionToPerform><FT>Registry</FT><V1>hkey_local_machine</V1><V2>software\microsoft\windows\currentversion\uninstall\wajam</V2><V3>uninstallstring</V3><WSS>None</WSS><PID>false</PID><CMP>NotPacked</CMP><DV /><FA>Registry</FA><RBT>None</RBT><ID>0</ID></FI><FI><C>Potentially Unwanted Application</C><TL>High</TL><AP>NoActionTaken</AP><ActionToPerform>None</ActionToPerform><FT>Registry</FT><V1>hkey_local_machine</V1><V2>software\microsoft\windows\currentversion\uninstall\wajam</V2><V3>displayversion</V3><WSS>None</WSS><PID>false</PID><CMP>NotPacked</CMP><DV /><FA>Registry</FA><RBT>None</RBT><ID>0</ID></FI><FI><C>Potentially Unwanted Application</C><TL>High</TL><AP>NoActionTaken</AP><ActionToPerform>None</ActionToPerform><FT>Registry</FT><V1>hkey_local_machine</V1><V2>software\microsoft\windows\currentversion\uninstall\wajam</V2><V3>urlinfoabout</V3><WSS>None</WSS><PID>false</PID><CMP>NotPacked</CMP><DV /><FA>Registry</FA><RBT>None</RBT><ID>0</ID></FI><FI><C>Potentially Unwanted Application</C><TL>High</TL><AP>NoActionTaken</AP><ActionToPerform>None</ActionToPerform><FT>Registry</FT><V1>hkey_local_machine</V1><V2>software\microsoft\windows\currentversion\uninstall\wajam</V2><V3>publisher</V3><WSS>None</WSS><PID>false</PID><CMP>NotPacked</CMP><DV /><FA>Registry</FA><RBT>None</RBT><ID>0</ID></FI><FI><C>Potentially Unwanted Application</C><TL>High</TL><AP>NoActionTaken</AP><ActionToPerform>None</ActionToPerform><FT>Registry</FT><V1>hkey_local_machine</V1><V2>software\searchprotect</V2><V3 /><WSS>None</WSS><PID>true</PID><CMP>NotPacked</CMP><DV /><FA>Registry</FA><RBT>None</RBT><ID>224995</ID></FI><FI><C>Potentially Unwanted Application</C><TL>High</TL><AP>NoActionTaken</AP><ActionToPerform>None</ActionToPerform><FT>Registry</FT><V1>hkey_local_machine</V1><V2>software\searchprotect</V2><V3>installdir</V3><WSS>None</WSS><PID>false</PID><CMP>NotPacked</CMP><DV /><FA>Registry</FA><RBT>None</RBT><ID>0</ID></FI><FI><C>Potentially Unwanted Application</C><TL>High</TL><AP>NoActionTaken</AP><ActionToPerform>None</ActionToPerform><FT>Registry</FT><V1>hkey_local_machine</V1><V2>software\searchprotect</V2><V3>environment</V3><WSS>None</WSS><PID>false</PID><CMP>NotPacked</CMP><DV /><FA>Registry</FA><RBT>None</RBT><ID>0</ID></FI><FI><C>Potentially Unwanted Application</C><TL>High</TL><AP>NoActionTaken</AP><ActionToPerform>None</ActionToPerform><FT>Registry</FT><V1>hkey_local_machine</V1><V2>software\wajam</V2><V3 /><WSS>None</WSS><PID>true</PID><CMP>NotPacked</CMP><DV /><FA>Registry</FA><RBT>None</RBT><ID>224995</ID></FI><FI><C>Potentially Unwanted Application</C><TL>High</TL><AP>NoActionTaken</AP><ActionToPerform>None</ActionToPerform><FT>Registry</FT><V1>hkey_local_machine</V1><V2>software\wajam</V2><V3>pxyupd</V3><WSS>None</WSS><PID>false</PID><CMP>NotPacked</CMP><DV /><FA>Registry</FA><RBT>None</RBT><ID>0</ID></FI><FI><C>Potentially Unwanted Application</C><TL>High</TL><AP>NoActionTaken</AP><ActionToPerform>None</ActionToPerform><FT>Registry</FT><V1>hkey_local_machine</V1><V2>software\wajam\wajam internet enhancer</V2><V3 /><WSS>None</WSS><PID>false</PID><CMP>NotPacked</CMP><DV /><FA>Registry</FA><RBT>None</RBT><ID>0</ID></FI><FI><C>Potentially Unwanted Application</C><TL>High</TL><AP>NoActionTaken</AP><ActionToPerform>None</ActionToPerform><FT>Registry</FT><V1>hkey_local_machine</V1><V2>software\wajam\wajam internet enhancer</V2><V3>mid</V3><WSS>None</WSS><PID>false</PID><CMP>NotPacked</CMP><DV /><FA>Registry</FA><RBT>None</RBT><ID>0</ID></FI><FI><C>Potentially Unwanted Application</C><TL>High</TL><AP>NoActionTaken</AP><ActionToPerform>None</ActionToPerform><FT>Registry</FT><V1>hkey_local_machine</V1><V2>software\wajam\wajam internet enhancer</V2><V3>uid</V3><WSS>None</WSS><PID>false</PID><CMP>NotPacked</CMP><DV /><FA>Registry</FA><RBT>None</RBT><ID>0</ID></FI><FI><C>Potentially Unwanted Application</C><TL>High</TL><AP>NoActionTaken</AP><ActionToPerform>None</ActionToPerform><FT>Registry</FT><V1>hkey_local_machine</V1><V2>software\wajam\wajam internet enhancer</V2><V3>aid</V3><WSS>None</WSS><PID>false</PID><CMP>NotPacked</CMP><DV /><FA>Registry</FA><RBT>None</RBT><ID>0</ID></FI><FI><C>Potentially Unwanted Application</C><TL>High</TL><AP>NoActionTaken</AP><ActionToPerform>None</ActionToPerform><FT>Registry</FT><V1>hkey_local_machine</V1><V2>software\wajam\wajam internet enhancer</V2><V3>aid2</V3><WSS>None</WSS><PID>false</PID><CMP>NotPacked</CMP><DV /><FA>Registry</FA><RBT>None</RBT><ID>0</ID></FI><FI><C>Potentially Unwanted Application</C><TL>High</TL><AP>NoActionTaken</AP><ActionToPerform>None</ActionToPerform><FT>Registry</FT><V1>hkey_local_machine</V1><V2>software\wajam\wajam internet enhancer</V2><V3>install_timestamp</V3><WSS>None</WSS><PID>false</PID><CMP>NotPacked</CMP><DV /><FA>Registry</FA><RBT>None</RBT><ID>0</ID></FI><FI><C>Potentially Unwanted Application</C><TL>High</TL><AP>NoActionTaken</AP><ActionToPerform>None</ActionToPerform><FT>Registry</FT><V1>hkey_local_machine</V1><V2>software\wajam\wajam internet enhancer</V2><V3>install_timestamp2</V3><WSS>None</WSS><PID>false</PID><CMP>NotPacked</CMP><DV /><FA>Registry</FA><RBT>None</RBT><ID>0</ID></FI><FI><C>Potentially Unwanted Application</C><TL>High</TL><AP>NoActionTaken</AP><ActionToPerform>None</ActionToPerform><FT>Registry</FT><V1>hkey_local_machine</V1><V2>software\wajam\wajam internet enhancer</V2><V3>update_url</V3><WSS>None</WSS><PID>false</PID><CMP>NotPacked</CMP><DV /><FA>Registry</FA><RBT>None</RBT><ID>0</ID></FI><FI><C>Potentially Unwanted Application</C><TL>High</TL><AP>NoActionTaken</AP><ActionToPerform>None</ActionToPerform><FT>Registry</FT><V1>hkey_local_machine</V1><V2>software\wajam\wajam internet enhancer</V2><V3>bih</V3><WSS>None</WSS><PID>false</PID><CMP>NotPacked</CMP><DV /><FA>Registry</FA><RBT>None</RBT><ID>0</ID></FI><FI><C>Potentially Unwanted Application</C><TL>High</TL><AP>NoActionTaken</AP><ActionToPerform>None</ActionToPerform><FT>Registry</FT><V1>hkey_local_machine</V1><V2>software\wajam\wajam internet enhancer</V2><V3>ver</V3><WSS>None</WSS><PID>false</PID><CMP>NotPacked</CMP><DV /><FA>Registry</FA><RBT>None</RBT><ID>0</ID></FI><FI><C>Potentially Unwanted Application</C><TL>High</TL><AP>NoActionTaken</AP><ActionToPerform>None</ActionToPerform><FT>Registry</FT><V1>hkey_local_machine</V1><V2>software\wajam\wajam internet enhancer</V2><V3>lp</V3><WSS>None</WSS><PID>false</PID><CMP>NotPacked</CMP><DV /><FA>Registry</FA><RBT>None</RBT><ID>0</ID></FI><FI><C>Potentially Unwanted Application</C><TL>High</TL><AP>NoActionTaken</AP><ActionToPerform>None</ActionToPerform><FT>Registry</FT><V1>hkey_local_machine</V1><V2>software\wajam\wajam internet enhancer</V2><V3>dev_url</V3><WSS>None</WSS><PID>false</PID><CMP>NotPacked</CMP><DV /><FA>Registry</FA><RBT>None</RBT><ID>0</ID></FI><FI><C>Potentially Unwanted Application</C><TL>High</TL><AP>NoActionTaken</AP><ActionToPerform>None</ActionToPerform><FT>Registry</FT><V1>hkey_local_machine</V1><V2>software\wajam\wajam internet enhancer</V2><V3>dev_reload</V3><WSS>None</WSS><PID>false</PID><CMP>NotPacked</CMP><DV /><FA>Registry</FA><RBT>None</RBT><ID>0</ID></FI><FI><C>Potentially Unwanted Application</C><TL>High</TL><AP>NoActionTaken</AP><ActionToPerform>None</ActionToPerform><FT>Registry</FT><V1>hkey_local_machine</V1><V2>system\currentcontrolset\services\cltmngsvc</V2><V3 /><WSS>None</WSS><PID>true</PID><CMP>NotPacked</CMP><DV /><FA>Registry</FA><RBT>None</RBT><ID>224995</ID></FI><FI><C>Potentially Unwanted Application</C><TL>High</TL><AP>NoActionTaken</AP><ActionToPerform>None</ActionToPerform><FT>Registry</FT><V1>hkey_local_machine</V1><V2>system\currentcontrolset\services\cltmngsvc</V2><V3>type</V3><WSS>None</WSS><PID>false</PID><CMP>NotPacked</CMP><DV /><FA>Registry</FA><RBT>None</RBT><ID>0</ID></FI><FI><C>Potentially Unwanted Application</C><TL>High</TL><AP>NoActionTaken</AP><ActionToPerform>None</ActionToPerform><FT>Registry</FT><V1>hkey_local_machine</V1><V2>system\currentcontrolset\services\cltmngsvc</V2><V3>start</V3><WSS>None</WSS><PID>false</PID><CMP>NotPacked</CMP><DV /><FA>Registry</FA><RBT>None</RBT><ID>0</ID></FI><FI><C>Potentially Unwanted Application</C><TL>High</TL><AP>NoActionTaken</AP><ActionToPerform>None</ActionToPerform><FT>Registry</FT><V1>hkey_local_machine</V1><V2>system\currentcontrolset\services\cltmngsvc</V2><V3>errorcontrol</V3><WSS>None</WSS><PID>false</PID><CMP>NotPacked</CMP><DV /><FA>Registry</FA><RBT>None</RBT><ID>0</ID></FI><FI><C>Potentially Unwanted Application</C><TL>High</TL><AP>NoActionTaken</AP><ActionToPerform>None</ActionToPerform><FT>Registry</FT><V1>hkey_local_machine</V1><V2>system\currentcontrolset\services\cltmngsvc</V2><V3>imagepath</V3><WSS>None</WSS><PID>false</PID><CMP>NotPacked</CMP><DV /><FA>Registry</FA><RBT>None</RBT><ID>0</ID></FI><FI><C>Potentially Unwanted Application</C><TL>High</TL><AP>NoActionTaken</AP><ActionToPerform>None</ActionToPerform><FT>Registry</FT><V1>hkey_local_machine</V1><V2>system\currentcontrolset\services\cltmngsvc</V2><V3>displayname</V3><WSS>None</WSS><PID>false</PID><CMP>NotPacked</CMP><DV /><FA>Registry</FA><RBT>None</RBT><ID>0</ID></FI><FI><C>Potentially Unwanted Application</C><TL>High</TL><AP>NoActionTaken</AP><ActionToPerform>None</ActionToPerform><FT>Registry</FT><V1>hkey_local_machine</V1><V2>system\currentcontrolset\services\cltmngsvc</V2><V3>wow64</V3><WSS>None</WSS><PID>false</PID><CMP>NotPacked</CMP><DV /><FA>Registry</FA><RBT>None</RBT><ID>0</ID></FI><FI><C>Potentially Unwanted Application</C><TL>High</TL><AP>NoActionTaken</AP><ActionToPerform>None</ActionToPerform><FT>Registry</FT><V1>hkey_local_machine</V1><V2>system\currentcontrolset\services\cltmngsvc</V2><V3>objectname</V3><WSS>None</WSS><PID>false</PID><CMP>NotPacked</CMP><DV /><FA>Registry</FA><RBT>None</RBT><ID>0</ID></FI><FI><C>Potentially Unwanted Application</C><TL>High</TL><AP>NoActionTaken</AP><ActionToPerform>None</ActionToPerform><FT>Registry</FT><V1>hkey_local_machine</V1><V2>system\currentcontrolset\services\cltmngsvc</V2><V3>dependonservice</V3><WSS>None</WSS><PID>false</PID><CMP>NotPacked</CMP><DV /><FA>Registry</FA><RBT>None</RBT><ID>0</ID></FI><FI><C>Potentially Unwanted Application</C><TL>High</TL><AP>NoActionTaken</AP><ActionToPerform>None</ActionToPerform><FT>Registry</FT><V1>hkey_local_machine</V1><V2>system\currentcontrolset\services\cltmngsvc</V2><V3>description</V3><WSS>None</WSS><PID>false</PID><CMP>NotPacked</CMP><DV /><FA>Registry</FA><RBT>None</RBT><ID>0</ID></FI></ArrayOfFI></Value></Item><Item><Key><string>Restricted Settings</string></Key><Value><ArrayOfFI><FI><C>Security Disabler </C><TL>Medium</TL><AP>NoActionTaken</AP><ActionToPerform>ChangeValue</ActionToPerform><FT>Registry</FT><V1>hkey_local_machine</V1><V2>software\clients\startmenuinternet\iexplore.exe\shell\open\command</V2><V3 /><V5>c:\program files (x86)\internet explorer\iexplore.exe</V5><WSS>No_Internet_Explorer</WSS><PID>true</PID><CMP>NotPacked</CMP><DV /><FA>WindowsSettings</FA><RBT>None</RBT><ID>0</ID></FI></ArrayOfFI></Value></Item><Item><Key><string>cookie.tracking-cookie</string></Key><Value><ArrayOfFI><FI><C>Tracking Cookies</C><TL>Low</TL><AP>NoActionTaken</AP><ActionToPerform>None</ActionToPerform><FT>Cookies</FT><V1>c:\users\spielzeugkiste\appdata\roaming\microsoft\windows\cookies\low\spielzeugkiste@tradedoubler[1].txt</V1><V2>bd2b9a79cfba8cd6279024f222cbe585</V2><V3 /><WSS>None</WSS><PID>false</PID><CMP>NotPacked</CMP><DV /><FA>Cookies</FA><RBT>None</RBT><ID>107591</ID></FI></ArrayOfFI></Value></Item></SerializableDictionaryOfStringListOfcFoundItems></log></info>

hi,

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)

• Starte jetzt FRST.
• Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
• Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
• Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)

Vielen Dank!

FRST.txt


FRST Logfile:

FRST Logfile:

Code: Alles auswählenAufklappen

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-06-2014
Ran by spielzeugkiste (administrator) on SPIELZEUGKISTE6 on 04-06-2014 10:03:41
Running from C:\Users\spielzeugkiste\Downloads
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Wajam Internet Technologies Inc.) C:\Program Files (x86)\Wajam\Wajam Internet Enhancer\WajamInternetEnhancerService.exe
(Client Connect LTD) C:\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe
() C:\Program Files (x86)\Wajam\Wajam Internet Enhancer\WajamHttpServer.exe
(Client Connect LTD) C:\Program Files (x86)\SearchProtect\SearchProtect\bin\cltmng.exe
(Client Connect LTD) C:\Program Files (x86)\SearchProtect\UI\bin\cltmngui.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
() C:\Users\spielzeugkiste\AppData\Roaming\InetStat\inetstat.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
(Dropbox, Inc.) C:\Users\spielzeugkiste\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Wajam Internet Technologies Inc.) C:\Program Files (x86)\Wajam\Wajam Internet Enhancer\WajamInternetEnhancer.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\BrYNSvc.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Nico Mak Computing) C:\Program Files (x86)\WinZip Malware Protector\WinZipMalwareProtector.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office15\OUTLOOK.EXE
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7016520 2013-02-05] (Realtek Semiconductor)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-12-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [BrStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [2678784 2011-10-18] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [737872 2014-05-09] (Avira Operations GmbH & Co. KG)
HKU\S-1-5-21-1047542500-3454804941-1971452429-1000\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3696912 2014-03-04] (Disc Soft Ltd)
HKU\S-1-5-21-1047542500-3454804941-1971452429-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [21442176 2014-05-08] (Skype Technologies S.A.)
HKU\S-1-5-21-1047542500-3454804941-1971452429-1000\...\Run: [InetStat] => C:\Users\spielzeugkiste\AppData\Roaming\InetStat\inetstat.exe [1259488 2014-06-03] ()
HKU\S-1-5-21-1047542500-3454804941-1971452429-1000\...\MountPoints2: {3453fc36-cfbb-11e3-8538-dbc83f7b6896} - E:\DVDSetup.exe
HKU\S-1-5-21-1047542500-3454804941-1971452429-1000\...\MountPoints2: {a1e8345c-cf8b-11e3-a334-d43d7edf3804} - E:\SETUP.EXE
AppInit_DLLs: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll => C:\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC64Loader.dll [202560 2014-05-23] (Client Connect LTD)
AppInit_DLLs-x32: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll => C:\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC32Loader.dll [171840 2014-05-23] (Client Connect LTD)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)
Startup: C:\Users\spielzeugkiste\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\spielzeugkiste\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

ProxyEnable: Internet Explorer proxy is enabled.
ProxyServer: http=127.0.0.1:50074;https=127.0.0.1:50074
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.trovi.com/?gd=&ctid=CT3322283&octid=EB_ORIGINAL_CTID&ISID=M43121A60-E3BC-48F0-8F99-3AE56F65380E&SearchSource=55&CUI=&UM=5&UP=SP5B753F1D-654F-4C14-BD12-E988C6A28973&SSPV=
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x9F804A119963CF01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
SearchScopes: HKLM - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = 
SearchScopes: HKCU - DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://www.trovi.com/Results.aspx?gd=&ctid=CT3322283&octid=EB_ORIGINAL_CTID&ISID=M43121A60-E3BC-48F0-8F99-3AE56F65380E&SearchSource=58&CUI=&UM=5&UP=SP5B753F1D-654F-4C14-BD12-E988C6A28973&q={searchTerms}&SSPV=
SearchScopes: HKCU - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://www.trovi.com/Results.aspx?gd=&ctid=CT3322283&octid=EB_ORIGINAL_CTID&ISID=M43121A60-E3BC-48F0-8F99-3AE56F65380E&SearchSource=58&CUI=&UM=5&UP=SP5B753F1D-654F-4C14-BD12-E988C6A28973&q={searchTerms}&SSPV=
BHO: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO-x32: Avira Savings Advisor BHO - {A18A516C-AA41-46A9-92DB-60208917E442} - C:\Program Files (x86)\avira\Internet Explorer\avira32.dll ()
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF Plugin-x32: @microsoft.com/Lync,version=15.0 - C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll (Microsoft Corporation)

Chrome: 
=======
CHR HomePage: hxxp://google.de/
CHR StartupUrls: "hxxp://www.trovi.com/?gd=&ctid=CT3322283&octid=EB_ORIGINAL_CTID&ISID=M43121A60-E3BC-48F0-8F99-3AE56F65380E&SearchSource=55&CUI=&UM=5&UP=SP5B753F1D-654F-4C14-BD12-E988C6A28973&SSPV=", "hxxp://www.google.de/"
CHR Extension: (Avira Sparberater) - C:\Users\spielzeugkiste\AppData\Local\Google\Chrome\User Data\Default\Extensions\cojnmaaohncijldefpkpkkakjonfmgeb [2014-06-03]
CHR Extension: (Google Wallet) - C:\Users\spielzeugkiste\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-04-29]
CHR HKLM-x32\...\Chrome\Extension: [cojnmaaohncijldefpkpkkakjonfmgeb] - C:\Program Files (x86)\avira\Chrome\avira-1.5.14.crx [2013-12-11]

==================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [430160 2014-05-09] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [430160 2014-05-09] (Avira Operations GmbH & Co. KG)
R2 CltMngSvc; C:\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe [2497856 2014-05-23] (Client Connect LTD)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.)
R2 Wajam Internet Enhancer Service; C:\Program Files (x86)\Wajam\Wajam Internet Enhancer\WajamInternetEnhancerService.exe [293888 2014-05-21] (Wajam Internet Technologies Inc.)

==================== Drivers (Whitelisted) ====================

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [112080 2014-05-09] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [130584 2014-05-09] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2014-05-09] (Avira Operations GmbH & Co. KG)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2014-04-29] (Disc Soft Ltd)
S3 MSICDSetup; \??\E:\CDriver64.sys [X]
S3 NTIOLib_1_0_C; \??\E:\NTIOLib_X64.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-06-04 10:03 - 2014-06-04 10:03 - 02068992 _____ (Farbar) C:\Users\spielzeugkiste\Downloads\FRST64.exe
2014-06-04 10:03 - 2014-06-04 10:03 - 00011225 _____ () C:\Users\spielzeugkiste\Downloads\FRST.txt
2014-06-04 10:03 - 2014-06-04 10:03 - 00000000 ____D () C:\FRST
2014-06-04 09:31 - 2014-06-04 09:31 - 00031813 _____ () C:\Users\spielzeugkiste\Desktop\log.xml
2014-06-04 09:09 - 2014-06-04 09:09 - 00003116 _____ () C:\Windows\System32\Tasks\WinZip Malware Protector_startup
2014-06-04 09:09 - 2014-06-04 09:09 - 00001193 _____ () C:\Users\Public\Desktop\WinZip Malware Protector.lnk
2014-06-04 09:09 - 2014-06-04 09:09 - 00000000 ____D () C:\Users\spielzeugkiste\AppData\Roaming\Nico Mak Computing
2014-06-04 09:09 - 2014-06-04 09:09 - 00000000 ____D () C:\ProgramData\Nico Mak Computing
2014-06-04 09:09 - 2014-06-04 09:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip Malware Protector
2014-06-04 09:09 - 2014-06-04 09:09 - 00000000 ____D () C:\Program Files (x86)\WinZip Malware Protector
2014-06-04 09:09 - 2013-03-15 17:10 - 00020480 _____ () C:\Windows\system32\wsusnative64.exe
2014-06-04 09:08 - 2014-06-04 09:08 - 04892480 _____ (WinZip International LLC ) C:\Users\spielzeugkiste\Downloads\wzmp_8.exe
2014-06-03 17:30 - 2014-06-03 17:30 - 00005836 _____ () C:\Users\spielzeugkiste\Desktop\So funktionierts.odt
2014-06-03 16:14 - 2014-06-03 16:14 - 03584777 _____ () C:\Users\spielzeugkiste\Desktop\reBuy-PSD-Vorlagen.zip
2014-06-03 15:22 - 2014-06-03 15:38 - 00000000 ____D () C:\Users\spielzeugkiste\Downloads\Sam's work
2014-06-03 12:02 - 2014-06-03 12:01 - 00084720 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2014-06-03 12:01 - 2014-06-03 12:01 - 00003408 _____ () C:\Windows\System32\Tasks\aviraSWU
2014-06-03 12:00 - 2014-06-03 12:00 - 00002070 _____ () C:\Users\Public\Desktop\Avira Control Center.lnk
2014-06-03 12:00 - 2014-06-03 12:00 - 00000000 ____D () C:\Users\spielzeugkiste\AppData\Roaming\Avira
2014-06-03 12:00 - 2014-06-03 12:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2014-06-03 11:59 - 2014-06-03 12:01 - 00000000 ____D () C:\Program Files (x86)\Avira
2014-06-03 11:59 - 2014-06-03 11:59 - 00000000 ____D () C:\ProgramData\Avira
2014-06-03 11:59 - 2014-05-09 11:16 - 00130584 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2014-06-03 11:59 - 2014-05-09 11:16 - 00112080 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2014-06-03 11:59 - 2014-05-09 11:16 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2014-06-03 11:58 - 2014-06-03 11:58 - 137314600 _____ () C:\Users\spielzeugkiste\Downloads\avira_free_antivirus_de_642.exe
2014-06-03 10:41 - 2014-06-03 10:41 - 00000000 ____D () C:\Users\spielzeugkiste\AppData\Roaming\InetStat
2014-06-03 10:41 - 2014-06-03 10:41 - 00000000 ____D () C:\Users\spielzeugkiste\AppData\Local\SearchProtect
2014-06-03 10:41 - 2014-06-03 10:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wajam
2014-06-03 10:41 - 2014-06-03 10:41 - 00000000 ____D () C:\Program Files (x86)\Wajam
2014-06-03 10:41 - 2014-06-03 10:41 - 00000000 _____ () C:\end
2014-06-03 10:40 - 2014-06-03 10:41 - 00000000 ____D () C:\Program Files (x86)\SearchProtect
2014-06-03 10:40 - 2014-06-03 10:40 - 00000000 ____D () C:\Users\spielzeugkiste\AppData\Roaming\DELONGHI ESAM 5400 PERFECTA user guide
2014-06-03 10:32 - 2014-06-03 10:32 - 01859584 _____ () C:\Users\spielzeugkiste\Documents\image.jpeg
2014-05-30 16:36 - 2014-05-30 16:36 - 00001930 _____ () C:\Users\spielzeugkiste\AppData\Local\recently-used.xbel
2014-05-27 15:03 - 2014-05-27 15:04 - 00000000 ____D () C:\Users\spielzeugkiste\Desktop\REBUY LOGO
2014-05-27 14:32 - 2014-05-27 14:32 - 00001894 _____ () C:\Users\spielzeugkiste\Desktop\IrfanView Thumbnails.lnk
2014-05-27 14:32 - 2014-05-27 14:32 - 00001006 _____ () C:\Users\spielzeugkiste\Desktop\IrfanView.lnk
2014-05-27 14:32 - 2014-05-27 14:32 - 00000000 ____D () C:\Users\spielzeugkiste\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IrfanView
2014-05-27 14:32 - 2014-05-27 14:32 - 00000000 ____D () C:\Users\spielzeugkiste\AppData\Roaming\IrfanView
2014-05-27 14:32 - 2014-05-27 14:32 - 00000000 ____D () C:\Program Files (x86)\IrfanView
2014-05-27 14:31 - 2014-05-27 14:31 - 02179728 _____ (Irfan Skiljan) C:\Users\spielzeugkiste\Downloads\iview437g_setup.exe
2014-05-24 18:24 - 2014-05-24 18:24 - 00002183 _____ () C:\Users\spielzeugkiste\Downloads\Kontakte_GeburtstagMam.csv
2014-05-24 18:14 - 2014-05-24 18:23 - 00002183 _____ () C:\Users\spielzeugkiste\Downloads\ImportKontaktTabelle.csv
2014-05-24 18:12 - 2014-05-24 18:12 - 00013615 _____ () C:\Users\spielzeugkiste\Downloads\Mappe1.xlsx
2014-05-24 17:53 - 2014-05-24 17:53 - 00000000 ____D () C:\Users\spielzeugkiste\.thumbnails
2014-05-24 17:52 - 2014-05-24 19:53 - 00000000 ____D () C:\Users\spielzeugkiste\.gimp-2.8
2014-05-24 17:52 - 2014-05-24 17:52 - 00000000 ____D () C:\Users\spielzeugkiste\AppData\Local\gegl-0.2
2014-05-24 17:47 - 2014-05-24 17:47 - 00000894 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIMP 2.lnk
2014-05-24 17:47 - 2014-05-24 17:47 - 00000000 ____D () C:\Program Files\GIMP 2
2014-05-24 17:44 - 2014-05-24 17:44 - 90396104 _____ (The GIMP Team ) C:\Users\spielzeugkiste\Downloads\gimp-2.8.10-setup.exe
2014-05-24 17:15 - 2014-05-24 17:15 - 00000000 ____D () C:\Users\spielzeugkiste\AppData\Roaming\inkscape
2014-05-24 16:56 - 2014-05-24 16:56 - 00001055 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Inkscape.lnk
2014-05-24 16:55 - 2014-05-24 16:55 - 00001011 _____ () C:\Users\Public\Desktop\Inkscape.lnk
2014-05-24 16:53 - 2014-05-24 16:56 - 00000000 ____D () C:\Program Files (x86)\Inkscape
2014-05-24 16:21 - 2014-05-24 16:21 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
2014-05-22 14:20 - 2014-05-22 14:20 - 00047616 _____ () C:\Users\spielzeugkiste\Downloads\PST Blatt_Vorlage.xls
2014-05-22 14:20 - 2014-05-22 14:20 - 00042496 _____ () C:\Users\spielzeugkiste\Downloads\PST Blatt_Vorlage (1).xls
2014-05-22 08:55 - 2014-05-22 08:55 - 02413601 _____ () C:\Users\spielzeugkiste\Desktop\FB-Campaign-Graphics- EVA.zip
2014-05-21 11:51 - 2014-05-21 11:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
2014-05-21 11:51 - 2014-05-21 11:51 - 00000000 ____D () C:\Program Files\McAfee Security Scan
2014-05-20 14:43 - 2014-06-02 09:11 - 00000000 ____D () C:\Users\spielzeugkiste\Desktop\Momox
2014-05-20 14:43 - 2014-05-26 14:32 - 00000000 ____D () C:\Users\spielzeugkiste\Desktop\MSK
2014-05-20 14:43 - 2014-05-20 14:43 - 00000000 ____D () C:\Users\spielzeugkiste\Desktop\sonstiges
2014-05-20 14:42 - 2014-06-03 18:09 - 00000000 ____D () C:\Users\spielzeugkiste\Desktop\rebuy
2014-05-20 14:42 - 2014-06-03 17:00 - 00000000 ____D () C:\Users\spielzeugkiste\Desktop\facebook werbeanzeigen
2014-05-20 14:42 - 2014-05-30 16:05 - 00000000 ____D () C:\Users\spielzeugkiste\Desktop\newsletter bilder
2014-05-15 10:43 - 2014-05-06 06:40 - 23544320 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-15 10:43 - 2014-05-06 06:17 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-15 10:43 - 2014-05-06 05:25 - 17382912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-15 10:43 - 2014-05-06 05:07 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-05-15 10:43 - 2014-05-06 05:00 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-15 10:43 - 2014-05-06 04:10 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-05-15 08:43 - 2014-05-09 08:14 - 00477184 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-05-15 08:43 - 2014-05-09 08:11 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-05-15 08:43 - 2014-03-25 04:43 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-05-15 08:43 - 2014-03-25 04:09 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-05-15 08:42 - 2014-04-12 04:22 - 00155072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-05-15 08:42 - 2014-04-12 04:22 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2014-05-15 08:42 - 2014-04-12 04:19 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-05-15 08:42 - 2014-04-12 04:19 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2014-05-15 08:42 - 2014-04-12 04:19 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2014-05-15 08:42 - 2014-04-12 04:19 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2014-05-15 08:42 - 2014-04-12 04:19 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2014-05-15 08:42 - 2014-04-12 04:12 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-05-15 08:42 - 2014-04-12 04:10 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-05-15 08:42 - 2014-03-04 11:47 - 05550016 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-05-15 08:42 - 2014-03-04 11:44 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-05-15 08:42 - 2014-03-04 11:44 - 00722944 _____ (Microsoft Corporation) C:\Windows\system32\objsel.dll
2014-05-15 08:42 - 2014-03-04 11:44 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2014-05-15 08:42 - 2014-03-04 11:44 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-05-15 08:42 - 2014-03-04 11:44 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-05-15 08:42 - 2014-03-04 11:44 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-05-15 08:42 - 2014-03-04 11:44 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-05-15 08:42 - 2014-03-04 11:44 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\wincredprovider.dll
2014-05-15 08:42 - 2014-03-04 11:43 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-05-15 08:42 - 2014-03-04 11:43 - 00057344 _____ (Microsoft Corporation) C:\Windows\system32\cngprovider.dll
2014-05-15 08:42 - 2014-03-04 11:43 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\adprovider.dll
2014-05-15 08:42 - 2014-03-04 11:43 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\capiprovider.dll
2014-05-15 08:42 - 2014-03-04 11:43 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\dpapiprovider.dll
2014-05-15 08:42 - 2014-03-04 11:43 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\dimsroam.dll
2014-05-15 08:42 - 2014-03-04 11:43 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-05-15 08:42 - 2014-03-04 11:20 - 03969984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2014-05-15 08:42 - 2014-03-04 11:20 - 03914176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2014-05-15 08:42 - 2014-03-04 11:17 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-05-15 08:42 - 2014-03-04 11:17 - 00538112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\objsel.dll
2014-05-15 08:42 - 2014-03-04 11:17 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-05-15 08:42 - 2014-03-04 11:17 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-05-15 08:42 - 2014-03-04 11:17 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-05-15 08:42 - 2014-03-04 11:17 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-05-15 08:42 - 2014-03-04 11:17 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cngprovider.dll
2014-05-15 08:42 - 2014-03-04 11:17 - 00049664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adprovider.dll
2014-05-15 08:42 - 2014-03-04 11:17 - 00048128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\capiprovider.dll
2014-05-15 08:42 - 2014-03-04 11:17 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpapiprovider.dll
2014-05-15 08:42 - 2014-03-04 11:17 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dimsroam.dll
2014-05-15 08:42 - 2014-03-04 11:17 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wincredprovider.dll
2014-05-15 08:42 - 2014-03-04 11:17 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-05-15 08:42 - 2014-03-04 11:16 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2014-05-14 10:52 - 2014-05-14 10:52 - 00149504 _____ () C:\Users\spielzeugkiste\Downloads\Descriptive clothing vocabulary.ppt
2014-05-14 10:34 - 2014-05-14 10:34 - 00000000 __SHD () C:\Users\spielzeugkiste\AppData\Local\EmieUserList
2014-05-14 10:34 - 2014-05-14 10:34 - 00000000 __SHD () C:\Users\spielzeugkiste\AppData\Local\EmieSiteList
2014-05-13 09:11 - 2014-06-04 09:32 - 00000000 ____D () C:\Users\spielzeugkiste\AppData\Roaming\Skype
2014-05-13 09:11 - 2014-05-26 08:08 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-05-13 09:11 - 2014-05-26 08:08 - 00000000 ____D () C:\ProgramData\Skype
2014-05-13 09:11 - 2014-05-13 09:11 - 00002699 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-05-13 09:11 - 2014-05-13 09:11 - 00000000 ____D () C:\Users\spielzeugkiste\AppData\Local\Skype
2014-05-13 09:11 - 2014-05-13 09:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2014-05-13 09:06 - 2014-05-13 09:06 - 34827424 _____ (Skype Technologies S.A.) C:\Users\spielzeugkiste\Downloads\SkypeSetupFull6.14.73.104.exe
2014-05-13 03:06 - 2014-05-13 03:06 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-05-12 10:30 - 2014-06-04 09:51 - 00000000 ____D () C:\Users\spielzeugkiste\Documents\Outlook-Dateien
2014-05-12 09:41 - 2014-05-19 18:36 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2014-05-12 09:40 - 2014-05-12 09:41 - 00000000 ____D () C:\Program Files (x86)\Microsoft SQL Server
2014-05-12 09:40 - 2014-05-12 09:40 - 00000000 ____D () C:\Windows\PCHEALTH
2014-05-12 09:39 - 2014-05-12 09:39 - 00000000 ____D () C:\Program Files\Microsoft Office
2014-05-12 09:39 - 2014-05-12 09:39 - 00000000 ____D () C:\Program Files (x86)\Microsoft Analysis Services
2014-05-12 09:38 - 2014-05-12 09:38 - 00000000 __RHD () C:\MSOCache
2014-05-09 17:57 - 2014-05-09 17:57 - 00000000 ____D () C:\Users\spielzeugkiste\AppData\OICE_15_974FA576_32C1D314_DD7
2014-05-09 17:44 - 2014-05-09 17:44 - 00001350 _____ () C:\Users\spielzeugkiste\Desktop\baby.wpf
2014-05-09 17:37 - 2014-05-09 17:37 - 00000000 ____D () C:\Users\spielzeugkiste\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\waterMark V2
2014-05-09 17:37 - 2014-05-09 17:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\waterMark V2
2014-05-09 17:37 - 2014-05-09 17:37 - 00000000 ____D () C:\Program Files (x86)\PMlabs
2014-05-09 17:36 - 2014-05-09 17:36 - 49859032 _____ () C:\Users\spielzeugkiste\Downloads\setup-contenta-converter-en-premium.exe
2014-05-09 17:36 - 2014-05-09 17:36 - 00629584 _____ (Chip Digital GmbH) C:\Users\spielzeugkiste\Downloads\waterMark V2 - CHIP-Downloader.exe
2014-05-07 14:28 - 2014-05-07 14:28 - 00049152 _____ () C:\Users\spielzeugkiste\Downloads\b7_balken_gespiegelt.xls
2014-05-07 11:27 - 2014-05-30 16:06 - 00000000 ____D () C:\Users\spielzeugkiste\Desktop\Bilder für facebook (free)
2014-05-06 12:01 - 2014-05-06 12:01 - 00002144 _____ () C:\Users\Public\Desktop\Brother Creative Center.lnk
2014-05-06 12:01 - 2014-05-06 12:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Brother
2014-05-06 12:01 - 2014-05-06 12:01 - 00000000 ____D () C:\Brother
2014-05-06 12:00 - 2014-05-06 12:01 - 00000000 ____D () C:\ProgramData\Brother
2014-05-06 12:00 - 2014-05-06 12:01 - 00000000 ____D () C:\Program Files (x86)\Browny02
2014-05-06 12:00 - 2014-05-06 12:00 - 00000000 ____D () C:\Users\spielzeugkiste\Downloads\install
2014-05-06 12:00 - 2014-05-06 12:00 - 00000000 ____D () C:\Users\spielzeugkiste\AppData\Roaming\InstallShield
2014-05-06 12:00 - 2014-05-06 12:00 - 00000000 ____D () C:\Program Files (x86)\Brother
2014-05-06 12:00 - 2012-04-24 18:04 - 00221184 _____ (Brother Industries, Ltd.) C:\Windows\system32\BRCOMB1A.DLL
2014-05-06 12:00 - 2010-11-17 10:28 - 00107888 _____ (Brother Industries Ltd) C:\Windows\SysWOW64\BRRBTOOL.EXE
2014-05-06 12:00 - 2010-04-02 07:33 - 00025299 _____ (Brother Industries, Ltd) C:\Windows\SysWOW64\BRLM03A.DLL
2014-05-06 12:00 - 2010-02-05 04:42 - 00180224 _____ (Brother Industries, Ltd.) C:\Windows\SysWOW64\BROSNMP.DLL
2014-05-06 12:00 - 2005-01-17 09:10 - 00045056 _____ () C:\Windows\SysWOW64\BRTCPCON.DLL
2014-05-06 12:00 - 2004-08-09 09:00 - 00000114 _____ () C:\Windows\SysWOW64\BRLMW03A.INI
2014-05-06 12:00 - 2004-08-09 08:42 - 00077824 _____ (Brother Industries, Ltd.) C:\Windows\SysWOW64\BRLMW03A.DLL
2014-05-06 12:00 - 1999-10-26 18:00 - 00000050 _____ () C:\Windows\system32\BRADM11A.DAT
2014-05-06 11:59 - 2014-05-06 11:59 - 31184072 _____ (A.I.SOFT,INC.) C:\Users\spielzeugkiste\Downloads\HL-5450DN-inst-B1-euus.EXE
2014-05-05 17:12 - 2014-03-06 10:15 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe

==================== One Month Modified Files and Folders =======

2014-06-04 10:03 - 2014-06-04 10:03 - 02068992 _____ (Farbar) C:\Users\spielzeugkiste\Downloads\FRST64.exe
2014-06-04 10:03 - 2014-06-04 10:03 - 00011225 _____ () C:\Users\spielzeugkiste\Downloads\FRST.txt
2014-06-04 10:03 - 2014-06-04 10:03 - 00000000 ____D () C:\FRST
2014-06-04 10:03 - 2014-04-29 12:29 - 00000000 ____D () C:\Users\spielzeugkiste\AppData\Local\Temp
2014-06-04 09:51 - 2014-05-12 10:30 - 00000000 ____D () C:\Users\spielzeugkiste\Documents\Outlook-Dateien
2014-06-04 09:46 - 2014-04-29 13:16 - 00000000 ____D () C:\Users\spielzeugkiste\AppData\Roaming\Dropbox
2014-06-04 09:32 - 2014-05-13 09:11 - 00000000 ____D () C:\Users\spielzeugkiste\AppData\Roaming\Skype
2014-06-04 09:31 - 2014-06-04 09:31 - 00031813 _____ () C:\Users\spielzeugkiste\Desktop\log.xml
2014-06-04 09:24 - 2014-04-29 12:29 - 01124301 _____ () C:\Windows\WindowsUpdate.log
2014-06-04 09:12 - 2009-07-14 06:45 - 00021856 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-06-04 09:12 - 2009-07-14 06:45 - 00021856 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-06-04 09:10 - 2014-04-29 12:53 - 00001126 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-06-04 09:10 - 2011-04-12 09:43 - 00698688 _____ () C:\Windows\system32\perfh007.dat
2014-06-04 09:10 - 2011-04-12 09:43 - 00148828 _____ () C:\Windows\system32\perfc007.dat
2014-06-04 09:10 - 2009-07-14 07:13 - 01618320 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-06-04 09:09 - 2014-06-04 09:09 - 00003116 _____ () C:\Windows\System32\Tasks\WinZip Malware Protector_startup
2014-06-04 09:09 - 2014-06-04 09:09 - 00001193 _____ () C:\Users\Public\Desktop\WinZip Malware Protector.lnk
2014-06-04 09:09 - 2014-06-04 09:09 - 00000000 ____D () C:\Users\spielzeugkiste\AppData\Roaming\Nico Mak Computing
2014-06-04 09:09 - 2014-06-04 09:09 - 00000000 ____D () C:\ProgramData\Nico Mak Computing
2014-06-04 09:09 - 2014-06-04 09:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip Malware Protector
2014-06-04 09:09 - 2014-06-04 09:09 - 00000000 ____D () C:\Program Files (x86)\WinZip Malware Protector
2014-06-04 09:08 - 2014-06-04 09:08 - 04892480 _____ (WinZip International LLC ) C:\Users\spielzeugkiste\Downloads\wzmp_8.exe
2014-06-04 09:05 - 2014-04-29 13:18 - 00000000 ___RD () C:\Users\spielzeugkiste\Dropbox
2014-06-04 09:05 - 2014-04-29 13:17 - 00000000 ____D () C:\Users\spielzeugkiste\AppData\Roaming\DropboxMaster
2014-06-04 09:05 - 2014-04-29 12:52 - 00001122 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-06-04 09:04 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-06-04 09:04 - 2009-07-14 06:51 - 00031278 _____ () C:\Windows\setupact.log
2014-06-03 18:09 - 2014-05-20 14:42 - 00000000 ____D () C:\Users\spielzeugkiste\Desktop\rebuy
2014-06-03 17:30 - 2014-06-03 17:30 - 00005836 _____ () C:\Users\spielzeugkiste\Desktop\So funktionierts.odt
2014-06-03 17:00 - 2014-05-20 14:42 - 00000000 ____D () C:\Users\spielzeugkiste\Desktop\facebook werbeanzeigen
2014-06-03 16:14 - 2014-06-03 16:14 - 03584777 _____ () C:\Users\spielzeugkiste\Desktop\reBuy-PSD-Vorlagen.zip
2014-06-03 15:38 - 2014-06-03 15:22 - 00000000 ____D () C:\Users\spielzeugkiste\Downloads\Sam's work
2014-06-03 13:49 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-06-03 12:10 - 2010-11-21 05:47 - 00132420 _____ () C:\Windows\PFRO.log
2014-06-03 12:01 - 2014-06-03 12:02 - 00084720 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2014-06-03 12:01 - 2014-06-03 12:01 - 00003408 _____ () C:\Windows\System32\Tasks\aviraSWU
2014-06-03 12:01 - 2014-06-03 11:59 - 00000000 ____D () C:\Program Files (x86)\Avira
2014-06-03 12:00 - 2014-06-03 12:00 - 00002070 _____ () C:\Users\Public\Desktop\Avira Control Center.lnk
2014-06-03 12:00 - 2014-06-03 12:00 - 00000000 ____D () C:\Users\spielzeugkiste\AppData\Roaming\Avira
2014-06-03 12:00 - 2014-06-03 12:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2014-06-03 11:59 - 2014-06-03 11:59 - 00000000 ____D () C:\ProgramData\Avira
2014-06-03 11:58 - 2014-06-03 11:58 - 137314600 _____ () C:\Users\spielzeugkiste\Downloads\avira_free_antivirus_de_642.exe
2014-06-03 10:41 - 2014-06-03 10:41 - 00000000 ____D () C:\Users\spielzeugkiste\AppData\Roaming\InetStat
2014-06-03 10:41 - 2014-06-03 10:41 - 00000000 ____D () C:\Users\spielzeugkiste\AppData\Local\SearchProtect
2014-06-03 10:41 - 2014-06-03 10:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wajam
2014-06-03 10:41 - 2014-06-03 10:41 - 00000000 ____D () C:\Program Files (x86)\Wajam
2014-06-03 10:41 - 2014-06-03 10:41 - 00000000 _____ () C:\end
2014-06-03 10:41 - 2014-06-03 10:40 - 00000000 ____D () C:\Program Files (x86)\SearchProtect
2014-06-03 10:40 - 2014-06-03 10:40 - 00000000 ____D () C:\Users\spielzeugkiste\AppData\Roaming\DELONGHI ESAM 5400 PERFECTA user guide
2014-06-03 10:32 - 2014-06-03 10:32 - 01859584 _____ () C:\Users\spielzeugkiste\Documents\image.jpeg
2014-06-02 09:11 - 2014-05-20 14:43 - 00000000 ____D () C:\Users\spielzeugkiste\Desktop\Momox
2014-06-02 08:19 - 2009-07-14 06:45 - 00445392 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-05-30 16:36 - 2014-05-30 16:36 - 00001930 _____ () C:\Users\spielzeugkiste\AppData\Local\recently-used.xbel
2014-05-30 16:06 - 2014-05-07 11:27 - 00000000 ____D () C:\Users\spielzeugkiste\Desktop\Bilder für facebook (free)
2014-05-30 16:05 - 2014-05-20 14:42 - 00000000 ____D () C:\Users\spielzeugkiste\Desktop\newsletter bilder
2014-05-30 12:11 - 2014-04-29 12:52 - 00111928 _____ () C:\Users\spielzeugkiste\AppData\Local\GDIPFONTCACHEV1.DAT
2014-05-27 15:04 - 2014-05-27 15:03 - 00000000 ____D () C:\Users\spielzeugkiste\Desktop\REBUY LOGO
2014-05-27 14:32 - 2014-05-27 14:32 - 00001894 _____ () C:\Users\spielzeugkiste\Desktop\IrfanView Thumbnails.lnk
2014-05-27 14:32 - 2014-05-27 14:32 - 00001006 _____ () C:\Users\spielzeugkiste\Desktop\IrfanView.lnk
2014-05-27 14:32 - 2014-05-27 14:32 - 00000000 ____D () C:\Users\spielzeugkiste\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IrfanView
2014-05-27 14:32 - 2014-05-27 14:32 - 00000000 ____D () C:\Users\spielzeugkiste\AppData\Roaming\IrfanView
2014-05-27 14:32 - 2014-05-27 14:32 - 00000000 ____D () C:\Program Files (x86)\IrfanView
2014-05-27 14:31 - 2014-05-27 14:31 - 02179728 _____ (Irfan Skiljan) C:\Users\spielzeugkiste\Downloads\iview437g_setup.exe
2014-05-26 14:32 - 2014-05-20 14:43 - 00000000 ____D () C:\Users\spielzeugkiste\Desktop\MSK
2014-05-26 08:08 - 2014-05-13 09:11 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-05-26 08:08 - 2014-05-13 09:11 - 00000000 ____D () C:\ProgramData\Skype
2014-05-24 19:53 - 2014-05-24 17:52 - 00000000 ____D () C:\Users\spielzeugkiste\.gimp-2.8
2014-05-24 18:24 - 2014-05-24 18:24 - 00002183 _____ () C:\Users\spielzeugkiste\Downloads\Kontakte_GeburtstagMam.csv
2014-05-24 18:23 - 2014-05-24 18:14 - 00002183 _____ () C:\Users\spielzeugkiste\Downloads\ImportKontaktTabelle.csv
2014-05-24 18:12 - 2014-05-24 18:12 - 00013615 _____ () C:\Users\spielzeugkiste\Downloads\Mappe1.xlsx
2014-05-24 17:53 - 2014-05-24 17:53 - 00000000 ____D () C:\Users\spielzeugkiste\.thumbnails
2014-05-24 17:53 - 2014-04-29 12:29 - 00000000 ____D () C:\Users\spielzeugkiste
2014-05-24 17:52 - 2014-05-24 17:52 - 00000000 ____D () C:\Users\spielzeugkiste\AppData\Local\gegl-0.2
2014-05-24 17:47 - 2014-05-24 17:47 - 00000894 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIMP 2.lnk
2014-05-24 17:47 - 2014-05-24 17:47 - 00000000 ____D () C:\Program Files\GIMP 2
2014-05-24 17:44 - 2014-05-24 17:44 - 90396104 _____ (The GIMP Team ) C:\Users\spielzeugkiste\Downloads\gimp-2.8.10-setup.exe
2014-05-24 17:15 - 2014-05-24 17:15 - 00000000 ____D () C:\Users\spielzeugkiste\AppData\Roaming\inkscape
2014-05-24 16:56 - 2014-05-24 16:56 - 00001055 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Inkscape.lnk
2014-05-24 16:56 - 2014-05-24 16:53 - 00000000 ____D () C:\Program Files (x86)\Inkscape
2014-05-24 16:55 - 2014-05-24 16:55 - 00001011 _____ () C:\Users\Public\Desktop\Inkscape.lnk
2014-05-24 16:30 - 2014-04-29 13:18 - 00001006 _____ () C:\Users\spielzeugkiste\Desktop\Dropbox.lnk
2014-05-24 16:30 - 2014-04-29 13:17 - 00000000 ____D () C:\Users\spielzeugkiste\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-05-24 16:30 - 2014-04-29 12:29 - 00000000 ___RD () C:\Users\spielzeugkiste\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-05-24 16:21 - 2014-05-24 16:21 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
2014-05-23 09:22 - 2014-04-29 12:53 - 00002175 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-05-22 14:20 - 2014-05-22 14:20 - 00047616 _____ () C:\Users\spielzeugkiste\Downloads\PST Blatt_Vorlage.xls
2014-05-22 14:20 - 2014-05-22 14:20 - 00042496 _____ () C:\Users\spielzeugkiste\Downloads\PST Blatt_Vorlage (1).xls
2014-05-22 08:55 - 2014-05-22 08:55 - 02413601 _____ () C:\Users\spielzeugkiste\Desktop\FB-Campaign-Graphics- EVA.zip
2014-05-22 08:55 - 2014-05-02 10:41 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-05-21 11:51 - 2014-05-21 11:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
2014-05-21 11:51 - 2014-05-21 11:51 - 00000000 ____D () C:\Program Files\McAfee Security Scan
2014-05-21 11:51 - 2014-05-02 10:41 - 00001931 _____ () C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
2014-05-21 11:51 - 2014-05-02 10:41 - 00000000 ____D () C:\ProgramData\McAfee Security Scan
2014-05-21 11:51 - 2009-07-14 05:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
2014-05-20 14:43 - 2014-05-20 14:43 - 00000000 ____D () C:\Users\spielzeugkiste\Desktop\sonstiges
2014-05-19 18:36 - 2014-05-12 09:41 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2014-05-19 18:36 - 2014-04-29 12:56 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-05-15 14:49 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2014-05-15 11:04 - 2014-04-29 12:29 - 00000000 ___RD () C:\Users\spielzeugkiste\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-05-15 11:03 - 2014-05-02 08:03 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-05-15 11:03 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-05-15 10:38 - 2009-07-14 04:34 - 00000478 _____ () C:\Windows\win.ini
2014-05-14 11:37 - 2014-04-29 12:56 - 00000000 ____D () C:\Users\spielzeugkiste\AppData\Local\Microsoft Help
2014-05-14 10:52 - 2014-05-14 10:52 - 00149504 _____ () C:\Users\spielzeugkiste\Downloads\Descriptive clothing vocabulary.ppt
2014-05-14 10:34 - 2014-05-14 10:34 - 00000000 __SHD () C:\Users\spielzeugkiste\AppData\Local\EmieUserList
2014-05-14 10:34 - 2014-05-14 10:34 - 00000000 __SHD () C:\Users\spielzeugkiste\AppData\Local\EmieSiteList
2014-05-13 09:11 - 2014-05-13 09:11 - 00002699 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-05-13 09:11 - 2014-05-13 09:11 - 00000000 ____D () C:\Users\spielzeugkiste\AppData\Local\Skype
2014-05-13 09:11 - 2014-05-13 09:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2014-05-13 09:06 - 2014-05-13 09:06 - 34827424 _____ (Skype Technologies S.A.) C:\Users\spielzeugkiste\Downloads\SkypeSetupFull6.14.73.104.exe
2014-05-13 03:06 - 2014-05-13 03:06 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-05-12 09:41 - 2014-05-12 09:40 - 00000000 ____D () C:\Program Files (x86)\Microsoft SQL Server
2014-05-12 09:41 - 2011-04-12 09:55 - 00000000 ____D () C:\Windows\ShellNew
2014-05-12 09:40 - 2014-05-12 09:40 - 00000000 ____D () C:\Windows\PCHEALTH
2014-05-12 09:40 - 2014-04-29 12:55 - 00000000 ____D () C:\Program Files (x86)\Microsoft Office
2014-05-12 09:39 - 2014-05-12 09:39 - 00000000 ____D () C:\Program Files\Microsoft Office
2014-05-12 09:39 - 2014-05-12 09:39 - 00000000 ____D () C:\Program Files (x86)\Microsoft Analysis Services
2014-05-12 09:39 - 2009-07-14 05:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2014-05-12 09:38 - 2014-05-12 09:38 - 00000000 __RHD () C:\MSOCache
2014-05-09 17:57 - 2014-05-09 17:57 - 00000000 ____D () C:\Users\spielzeugkiste\AppData\OICE_15_974FA576_32C1D314_DD7
2014-05-09 17:44 - 2014-05-09 17:44 - 00001350 _____ () C:\Users\spielzeugkiste\Desktop\baby.wpf
2014-05-09 17:37 - 2014-05-09 17:37 - 00000000 ____D () C:\Users\spielzeugkiste\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\waterMark V2
2014-05-09 17:37 - 2014-05-09 17:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\waterMark V2
2014-05-09 17:37 - 2014-05-09 17:37 - 00000000 ____D () C:\Program Files (x86)\PMlabs
2014-05-09 17:36 - 2014-05-09 17:36 - 49859032 _____ () C:\Users\spielzeugkiste\Downloads\setup-contenta-converter-en-premium.exe
2014-05-09 17:36 - 2014-05-09 17:36 - 00629584 _____ (Chip Digital GmbH) C:\Users\spielzeugkiste\Downloads\waterMark V2 - CHIP-Downloader.exe
2014-05-09 11:16 - 2014-06-03 11:59 - 00130584 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2014-05-09 11:16 - 2014-06-03 11:59 - 00112080 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2014-05-09 11:16 - 2014-06-03 11:59 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2014-05-09 08:14 - 2014-05-15 08:43 - 00477184 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-05-09 08:11 - 2014-05-15 08:43 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-05-08 08:05 - 2014-04-29 12:53 - 00004122 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-05-08 08:05 - 2014-04-29 12:53 - 00003870 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-05-07 14:28 - 2014-05-07 14:28 - 00049152 _____ () C:\Users\spielzeugkiste\Downloads\b7_balken_gespiegelt.xls
2014-05-06 12:01 - 2014-05-06 12:01 - 00002144 _____ () C:\Users\Public\Desktop\Brother Creative Center.lnk
2014-05-06 12:01 - 2014-05-06 12:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Brother
2014-05-06 12:01 - 2014-05-06 12:01 - 00000000 ____D () C:\Brother
2014-05-06 12:01 - 2014-05-06 12:00 - 00000000 ____D () C:\ProgramData\Brother
2014-05-06 12:01 - 2014-05-06 12:00 - 00000000 ____D () C:\Program Files (x86)\Browny02
2014-05-06 12:00 - 2014-05-06 12:00 - 00000000 ____D () C:\Users\spielzeugkiste\Downloads\install
2014-05-06 12:00 - 2014-05-06 12:00 - 00000000 ____D () C:\Users\spielzeugkiste\AppData\Roaming\InstallShield
2014-05-06 12:00 - 2014-05-06 12:00 - 00000000 ____D () C:\Program Files (x86)\Brother
2014-05-06 12:00 - 2014-04-29 12:42 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-05-06 11:59 - 2014-05-06 11:59 - 31184072 _____ (A.I.SOFT,INC.) C:\Users\spielzeugkiste\Downloads\HL-5450DN-inst-B1-euus.EXE
2014-05-06 06:40 - 2014-05-15 10:43 - 23544320 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-06 06:17 - 2014-05-15 10:43 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-06 05:25 - 2014-05-15 10:43 - 17382912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-06 05:07 - 2014-05-15 10:43 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-05-06 05:00 - 2014-05-15 10:43 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-06 04:10 - 2014-05-15 10:43 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll

Some content of TEMP:
====================
C:\Users\spielzeugkiste\AppData\Local\Temp\avgnt.exe
C:\Users\spielzeugkiste\AppData\Local\Temp\devcon64.exe
C:\Users\spielzeugkiste\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpg8ruud.dll
C:\Users\spielzeugkiste\AppData\Local\Temp\nseE46F.exe
C:\Users\spielzeugkiste\AppData\Local\Temp\nsoC23B.exe
C:\Users\spielzeugkiste\AppData\Local\Temp\nsuBF4E.exe
C:\Users\spielzeugkiste\AppData\Local\Temp\nsuE172.exe
C:\Users\spielzeugkiste\AppData\Local\Temp\ose00000.exe
C:\Users\spielzeugkiste\AppData\Local\Temp\ose00002.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-05-29 11:43

==================== End Of Log ============================
         

--- --- ---

--- --- ---


Addition.txt:

Code: Alles auswählenAufklappen

ATTFilter

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02-06-2014
Ran by spielzeugkiste at 2014-06-04 10:03:58
Running from C:\Users\spielzeugkiste\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

Adobe Reader XI (11.0.07) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated)
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.4.642 - Avira)
Avira Savings Advisor (HKLM-x32\...\{A18A516C-AA41-46A9-92DB-60208917E442}) (Version: 1.5.14 - Avira) <==== ATTENTION
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.49.1.0356 - Disc Soft Ltd)
Definition Update for Microsoft Office 2013 (KB2760587) 32-Bit Edition (HKLM-x32\...\{91150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUSR_{341FFD7F-3127-466D-88F7-CE4DE78A48F1}) (Version:  - Microsoft)
Dropbox (HKCU\...\Dropbox) (Version: 2.8.2 - Dropbox, Inc.)
GIMP 2.8.10 (HKLM\...\GIMP-2_is1) (Version: 2.8.10 - The GIMP Team)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 35.0.1916.114 - Google Inc.)
Google Update Helper (x32 Version: 1.3.24.7 - Google Inc.) Hidden
HL-5450DN (HKLM-x32\...\{7171B206-5C5A-4B7F-B9E1-1F1827FC769F}) (Version: 1.0.2.0 - Brother Industries, Ltd.)
InetStat (HKCU\...\InetStat) (Version: 0.4 - InetStat)
Inkscape 0.48.4 (HKLM-x32\...\Inkscape) (Version: 0.48.4 - )
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.37 - Irfan Skiljan)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Access MUI (German) 2013 (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft DCF MUI (German) 2013 (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Excel MUI (German) 2013 (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Groove MUI (German) 2013 (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft InfoPath MUI (German) 2013 (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Lync MUI (German) 2013 (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office 64-bit Components 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office Korrekturhilfen 2013 - Deutsch (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office OSM MUI (German) 2013 (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office OSM UX MUI (German) 2013 (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2013 (HKLM-x32\...\Office15.PROPLUSR) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2013 (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2013 - English (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2013 - Italiano (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (German) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2013 (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft OneNote MUI (German) 2013 (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Outlook MUI (German) 2013 (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft PowerPoint MUI (German) 2013 (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Publisher MUI (German) 2013 (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Word MUI (German) 2013 (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Outils de vérification linguistique 2013 de Microsoft Office*- Français (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.67.1226.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 3.65 - Realtek Semiconductor Corp.)
Search Protect (HKLM-x32\...\SearchProtect) (Version: 2.13.3.38 - Client Connect LTD) <==== ATTENTION
Service Pack 1 for Microsoft Office 2013 (KB2850036) 32-Bit Edition (HKLM-x32\...\{91150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUSR_{7F6C4883-A18C-459A-82C1-A2F9403F2DA6}) (Version:  - Microsoft)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 32-Bit Edition (x32 Version:  - Microsoft) Hidden
Skype™ 6.16 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.16.105 - Skype Technologies S.A.)
Update for Microsoft Excel 2013 (KB2880475) 32-Bit Edition (HKLM-x32\...\{90150000-0016-0407-0000-0000000FF1CE}_Office15.PROPLUSR_{830E5E0C-B48A-4FBE-83BE-28418740DED5}) (Version:  - Microsoft)
Update for Microsoft Excel 2013 (KB2880475) 32-Bit Edition (HKLM-x32\...\{90150000-0018-0407-0000-0000000FF1CE}_Office15.PROPLUSR_{830E5E0C-B48A-4FBE-83BE-28418740DED5}) (Version:  - Microsoft)
Update for Microsoft Excel 2013 (KB2880475) 32-Bit Edition (HKLM-x32\...\{90150000-001B-0407-0000-0000000FF1CE}_Office15.PROPLUSR_{830E5E0C-B48A-4FBE-83BE-28418740DED5}) (Version:  - Microsoft)
Update for Microsoft Excel 2013 (KB2880475) 32-Bit Edition (HKLM-x32\...\{90150000-006E-0407-0000-0000000FF1CE}_Office15.PROPLUSR_{830E5E0C-B48A-4FBE-83BE-28418740DED5}) (Version:  - Microsoft)
Update for Microsoft Excel 2013 (KB2880475) 32-Bit Edition (HKLM-x32\...\{91150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUSR_{830E5E0C-B48A-4FBE-83BE-28418740DED5}) (Version:  - Microsoft)
Update for Microsoft Lync 2013 (KB2817678) 32-Bit Edition (HKLM-x32\...\{90150000-012B-0407-0000-0000000FF1CE}_Office15.PROPLUSR_{7FBE2D23-9F3C-4983-B927-2A4BF600B7A7}) (Version:  - Microsoft)
Update for Microsoft Lync 2013 (KB2880980) 32-Bit Edition (HKLM-x32\...\{90150000-002A-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{A10C00F8-0A83-4A74-86C5-3D0F9879E101}) (Version:  - Microsoft)
Update for Microsoft Lync 2013 (KB2880980) 32-Bit Edition (HKLM-x32\...\{90150000-012B-0407-0000-0000000FF1CE}_Office15.PROPLUSR_{A10C00F8-0A83-4A74-86C5-3D0F9879E101}) (Version:  - Microsoft)
Update for Microsoft Lync 2013 (KB2880980) 32-Bit Edition (HKLM-x32\...\{91150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUSR_{A10C00F8-0A83-4A74-86C5-3D0F9879E101}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2760344) 32-Bit Edition (HKLM-x32\...\{91150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUSR_{A7610F07-E844-4444-8E1D-D5BC8AD0B4C5}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2760544) 32-Bit Edition (HKLM-x32\...\{91150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUSR_{45B7D395-EB9B-414F-9E46-5849B42326E2}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2768012) 32-Bit Edition (HKLM-x32\...\{91150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUSR_{66421820-D3CA-450A-898C-78D7E40108E6}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2817302) 32-Bit Edition (HKLM-x32\...\{90150000-0016-0407-0000-0000000FF1CE}_Office15.PROPLUSR_{1644D7F6-90EE-4252-8884-18E4E330529D}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2817302) 32-Bit Edition (HKLM-x32\...\{91150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUSR_{1644D7F6-90EE-4252-8884-18E4E330529D}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2826040) 32-Bit Edition (HKLM-x32\...\{91150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUSR_{B7EA8070-C37F-4617-82F4-52CF3304595A}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2827272) 32-Bit Edition (HKLM-x32\...\{90150000-0016-0407-0000-0000000FF1CE}_Office15.PROPLUSR_{5A645CF3-3C40-4172-BCEB-19E3FC855266}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2827272) 32-Bit Edition (HKLM-x32\...\{90150000-0090-0407-0000-0000000FF1CE}_Office15.PROPLUSR_{5A645CF3-3C40-4172-BCEB-19E3FC855266}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2827272) 32-Bit Edition (HKLM-x32\...\{91150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUSR_{5A645CF3-3C40-4172-BCEB-19E3FC855266}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2837644) 32-Bit Edition (HKLM-x32\...\{91150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUSR_{9BC5FF1D-9626-44D7-BC7F-EB44BD8BDB9F}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2863825) 32-Bit Edition (HKLM-x32\...\{91150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUSR_{96754DD8-5AF9-4CF8-A5A9-19770CD9AFBC}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2863843) 32-Bit Edition (HKLM-x32\...\{90150000-002A-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{AD7045B8-1D75-4B4C-8120-12F045D206C7}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2863843) 32-Bit Edition (HKLM-x32\...\{91150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUSR_{AD7045B8-1D75-4B4C-8120-12F045D206C7}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2863844) 32-Bit Edition (HKLM-x32\...\{91150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUSR_{8AEAF88E-A488-4C1E-B10D-F00143BA650F}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2880462) 32-Bit Edition (HKLM-x32\...\{90150000-006E-0407-0000-0000000FF1CE}_Office15.PROPLUSR_{5D6439FF-D651-4B13-B52E-2508AB9DE19D}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2880462) 32-Bit Edition (HKLM-x32\...\{91150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUSR_{5D6439FF-D651-4B13-B52E-2508AB9DE19D}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2880464) 32-Bit Edition (HKLM-x32\...\{91150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUSR_{06EF2BF7-7351-4D70-A0D5-588FCCF9808D}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2880476) 32-Bit Edition (HKLM-x32\...\{90150000-002A-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{DDF64A37-8E32-406E-A94C-9F5B03661A21}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2880476) 32-Bit Edition (HKLM-x32\...\{91150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUSR_{DDF64A37-8E32-406E-A94C-9F5B03661A21}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2880478) 32-Bit Edition (HKLM-x32\...\{91150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUSR_{7C5CEE0F-6823-4BB7-A28F-76FEC14EB6AC}) (Version:  - Microsoft)
Update for Microsoft OneDrive for Business (KB2880480) 32-Bit Edition (HKLM-x32\...\{90150000-002A-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{7655E7AA-268C-4F74-AC05-8D56F75C664A}) (Version:  - Microsoft)
Update for Microsoft OneDrive for Business (KB2880480) 32-Bit Edition (HKLM-x32\...\{90150000-002A-0407-1000-0000000FF1CE}_Office15.PROPLUSR_{7655E7AA-268C-4F74-AC05-8D56F75C664A}) (Version:  - Microsoft)
Update for Microsoft OneDrive for Business (KB2880480) 32-Bit Edition (HKLM-x32\...\{90150000-00BA-0407-0000-0000000FF1CE}_Office15.PROPLUSR_{7655E7AA-268C-4F74-AC05-8D56F75C664A}) (Version:  - Microsoft)
Update for Microsoft OneDrive for Business (KB2880480) 32-Bit Edition (HKLM-x32\...\{91150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUSR_{7655E7AA-268C-4F74-AC05-8D56F75C664A}) (Version:  - Microsoft)
Update for Microsoft OneNote 2013 (KB2817628) 32-Bit Edition (HKLM-x32\...\{90150000-002A-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{DF36A224-4C72-4FF4-9961-CD4873DDAE6C}) (Version:  - Microsoft)
Update for Microsoft OneNote 2013 (KB2817628) 32-Bit Edition (HKLM-x32\...\{90150000-00A1-0407-0000-0000000FF1CE}_Office15.PROPLUSR_{DF36A224-4C72-4FF4-9961-CD4873DDAE6C}) (Version:  - Microsoft)
Update for Microsoft OneNote 2013 (KB2817628) 32-Bit Edition (HKLM-x32\...\{91150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUSR_{DF36A224-4C72-4FF4-9961-CD4873DDAE6C}) (Version:  - Microsoft)
Update for Microsoft Outlook 2013 (KB2880470) 32-Bit Edition (HKLM-x32\...\{90150000-001A-0407-0000-0000000FF1CE}_Office15.PROPLUSR_{1BCA67A6-5329-48D0-A088-C097AC7A14BD}) (Version:  - Microsoft)
Update for Microsoft Outlook 2013 (KB2880470) 32-Bit Edition (HKLM-x32\...\{91150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUSR_{1BCA67A6-5329-48D0-A088-C097AC7A14BD}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2013 (KB2878315) 32-Bit Edition (HKLM-x32\...\{90150000-0018-0407-0000-0000000FF1CE}_Office15.PROPLUSR_{47A62B15-D0BF-4A2E-BCE2-939DB491D387}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2013 (KB2878315) 32-Bit Edition (HKLM-x32\...\{91150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUSR_{47A62B15-D0BF-4A2E-BCE2-939DB491D387}) (Version:  - Microsoft)
Update for Microsoft Publisher 2013 (KB2726952) 32-Bit Edition (HKLM-x32\...\{90150000-0019-0407-0000-0000000FF1CE}_Office15.PROPLUSR_{173C8CEB-B73E-4C38-AF3A-05EA5BB860D4}) (Version:  - Microsoft)
Update for Microsoft Publisher 2013 (KB2726952) 32-Bit Edition (HKLM-x32\...\{91150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUSR_{173C8CEB-B73E-4C38-AF3A-05EA5BB860D4}) (Version:  - Microsoft)
Update for Microsoft Visio Viewer 2013 (KB2817301) 32-Bit Edition (HKLM-x32\...\{90150000-006E-0407-0000-0000000FF1CE}_Office15.PROPLUSR_{25C61889-2E44-4BE1-9E96-9364BFDCF501}) (Version:  - Microsoft)
Update for Microsoft Visio Viewer 2013 (KB2817301) 32-Bit Edition (HKLM-x32\...\{91150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUSR_{25C61889-2E44-4BE1-9E96-9364BFDCF501}) (Version:  - Microsoft)
Update for Microsoft Word 2013 (KB2878319) 32-Bit Edition (HKLM-x32\...\{91150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUSR_{A7CD05CC-CA85-428C-91FD-74A908D126E1}) (Version:  - Microsoft)
Update for Microsoft Word 2013 (KB2880455) 32-Bit Edition (HKLM-x32\...\{90150000-001A-0407-0000-0000000FF1CE}_Office15.PROPLUSR_{BCF1F149-B9D9-49D9-B829-FCDA37F7FF0C}) (Version:  - Microsoft)
Update for Microsoft Word 2013 (KB2880455) 32-Bit Edition (HKLM-x32\...\{90150000-001B-0407-0000-0000000FF1CE}_Office15.PROPLUSR_{BCF1F149-B9D9-49D9-B829-FCDA37F7FF0C}) (Version:  - Microsoft)
Update for Microsoft Word 2013 (KB2880455) 32-Bit Edition (HKLM-x32\...\{90150000-012B-0407-0000-0000000FF1CE}_Office15.PROPLUSR_{BCF1F149-B9D9-49D9-B829-FCDA37F7FF0C}) (Version:  - Microsoft)
Update for Microsoft Word 2013 (KB2880455) 32-Bit Edition (HKLM-x32\...\{91150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUSR_{BCF1F149-B9D9-49D9-B829-FCDA37F7FF0C}) (Version:  - Microsoft)
Wajam (HKLM-x32\...\Wajam) (Version: 2.9 (i2.0) - Wajam) <==== ATTENTION
waterMark V2 (HKLM-x32\...\waterMark V2) (Version:  - )
WinZip Malware Protector (HKLM-x32\...\WinZip Malware Protector_is1) (Version: 2.1.1000.10798 - WinZip International LLC)

==================== Restore Points  =========================

19-05-2014 16:35:31 Windows Update
23-05-2014 06:36:53 Windows Update
30-05-2014 06:26:30 Windows Update
03-06-2014 07:25:23 Windows Update

==================== Hosts content: ==========================

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {2407CA7A-3997-451C-BF79-2A90124B0D33} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-22] (Microsoft Corporation)
Task: {4D8F4A45-9BBB-4B3E-AF95-C4DE0616FC98} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-04-29] (Google Inc.)
Task: {7C6F5E93-5D84-421E-99B4-4193E2E23C52} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-04-29] (Google Inc.)
Task: {857E7323-4647-40A4-A7F5-4CF17EC2B02B} - System32\Tasks\WinZip Malware Protector_startup => C:\Program Files (x86)\WinZip Malware Protector\WinZipMalwareProtector.exe [2013-07-15] (Nico Mak Computing)
Task: {989E8322-693F-4A36-B2E4-BCDCDD94363C} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe
Task: {B5E6F868-9675-4C14-9F66-93E85C40F60A} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-22] (Microsoft Corporation)
Task: {DDFF0CE4-23D0-4984-88F7-9742AD494B88} - System32\Tasks\aviraSWU => Cscript.exe "C:\Program Files (x86)\avira\Internet Explorer\swu.vbs"
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2014-05-21 19:17 - 2014-05-21 19:17 - 00047616 _____ () C:\Program Files (x86)\Wajam\Wajam Internet Enhancer\WajamHttpServer.exe
2014-06-03 10:41 - 2014-06-03 10:40 - 01259488 _____ () C:\Users\spielzeugkiste\AppData\Roaming\InetStat\inetstat.exe
2014-06-04 09:05 - 2014-06-04 09:05 - 00043008 _____ () C:\Users\spielzeugkiste\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpg8ruud.dll
2013-08-23 21:01 - 2013-08-23 21:01 - 25100288 _____ () C:\Users\spielzeugkiste\AppData\Roaming\Dropbox\bin\libcef.dll
2014-05-06 12:00 - 2009-02-27 16:38 - 00139264 ____R () C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll
2014-06-04 09:09 - 2013-02-28 16:53 - 00886272 _____ () C:\Program Files (x86)\WinZip Malware Protector\System.Data.SQLite.dll
2014-06-04 09:09 - 2013-07-15 16:53 - 01717936 _____ () C:\Program Files (x86)\WinZip Malware Protector\aspsys.dll
2014-06-04 09:09 - 2013-02-28 16:53 - 00168448 _____ () C:\Program Files (x86)\WinZip Malware Protector\UNRAR.DLL
2014-05-23 09:22 - 2014-05-14 01:40 - 04217672 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\pdf.dll
2014-05-23 09:22 - 2014-05-14 01:40 - 00414536 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\ppGoogleNaClPluginChrome.dll
2014-05-23 09:22 - 2014-05-14 01:40 - 01732424 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\ffmpegsumo.dll
2014-04-29 12:59 - 2014-02-10 13:44 - 04592128 _____ () C:\Users\spielzeugkiste\AppData\Local\Google\Chrome\User Data\SwiftShader\3.2.6.45159\libglesv2.dll
2014-04-29 12:59 - 2014-02-10 13:44 - 00112128 _____ () C:\Users\spielzeugkiste\AppData\Local\Google\Chrome\User Data\SwiftShader\3.2.6.45159\libegl.dll
2014-01-23 15:55 - 2014-01-23 15:55 - 01030312 _____ () C:\Program Files (x86)\Microsoft Office\Office15\ADDINS\UmOutlookAddin.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================


==================== EXE Association (whitelisted) =============


==================== Disabled items from MSCONFIG ==============


==================== Faulty Device Manager Devices =============

Name: SM-Bus-Controller
Description: SM-Bus-Controller
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: USB (Universal Serial Bus)-Controller
Description: USB (Universal Serial Bus)-Controller
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: 
Description: 
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (06/04/2014 09:05:07 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/04/2014 08:57:57 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm OUTLOOK.EXE, Version 15.0.4615.1000 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: ba4

Startzeit: 01cf7fbd349a468e

Endzeit: 0

Anwendungspfad: C:\Program Files (x86)\Microsoft Office\Office15\OUTLOOK.EXE

Berichts-ID: 7f6e4659-ebb5-11e3-830a-d43d7edf3804

Error: (06/04/2014 08:47:24 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80004005

Error: (06/04/2014 08:20:57 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/03/2014 06:10:05 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm OUTLOOK.EXE, Version 15.0.4615.1000 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 1200

Startzeit: 01cf7f3ece87e1b9

Endzeit: 36

Anwendungspfad: C:\Program Files (x86)\Microsoft Office\Office15\OUTLOOK.EXE

Berichts-ID: 7f34035a-eb39-11e3-8217-d43d7edf3804

Error: (06/03/2014 05:16:28 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm OUTLOOK.EXE, Version 15.0.4615.1000 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 268

Startzeit: 01cf7f3e956b4b64

Endzeit: 15

Anwendungspfad: C:\Program Files (x86)\Microsoft Office\Office15\OUTLOOK.EXE

Berichts-ID: fd1b0f7a-eb31-11e3-8217-d43d7edf3804

Error: (06/03/2014 02:53:38 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80004005

Error: (06/03/2014 01:17:17 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80004005

Error: (06/03/2014 00:10:35 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/03/2014 10:13:09 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80004005


System errors:
=============
Error: (06/03/2014 01:55:03 PM) (Source: Schannel) (EventID: 4119) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung empfangen: 48.

Error: (06/03/2014 01:55:02 PM) (Source: Schannel) (EventID: 4119) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung empfangen: 48.

Error: (06/03/2014 01:53:01 PM) (Source: Schannel) (EventID: 4119) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung empfangen: 48.

Error: (06/03/2014 01:53:00 PM) (Source: Schannel) (EventID: 4119) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung empfangen: 48.

Error: (06/03/2014 01:52:00 PM) (Source: Schannel) (EventID: 4119) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung empfangen: 48.

Error: (06/03/2014 01:52:00 PM) (Source: Schannel) (EventID: 4119) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung empfangen: 48.

Error: (06/03/2014 01:51:34 PM) (Source: Schannel) (EventID: 4119) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung empfangen: 48.

Error: (06/03/2014 01:51:34 PM) (Source: Schannel) (EventID: 4119) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung empfangen: 48.

Error: (06/03/2014 01:51:15 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {F9717507-6651-4EDB-BFF7-AE615179BCCF}

Error: (06/03/2014 01:51:10 PM) (Source: Schannel) (EventID: 4119) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung empfangen: 48.


Microsoft Office Sessions:
=========================
Error: (06/04/2014 09:05:07 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/04/2014 08:57:57 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: OUTLOOK.EXE15.0.4615.1000ba401cf7fbd349a468e0C:\Program Files (x86)\Microsoft Office\Office15\OUTLOOK.EXE7f6e4659-ebb5-11e3-830a-d43d7edf3804

Error: (06/04/2014 08:47:24 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80004005

Error: (06/04/2014 08:20:57 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/03/2014 06:10:05 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: OUTLOOK.EXE15.0.4615.1000120001cf7f3ece87e1b936C:\Program Files (x86)\Microsoft Office\Office15\OUTLOOK.EXE7f34035a-eb39-11e3-8217-d43d7edf3804

Error: (06/03/2014 05:16:28 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: OUTLOOK.EXE15.0.4615.100026801cf7f3e956b4b6415C:\Program Files (x86)\Microsoft Office\Office15\OUTLOOK.EXEfd1b0f7a-eb31-11e3-8217-d43d7edf3804

Error: (06/03/2014 02:53:38 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80004005

Error: (06/03/2014 01:17:17 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80004005

Error: (06/03/2014 00:10:35 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/03/2014 10:13:09 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80004005


==================== Memory info =========================== 

Percentage of memory in use: 51%
Total physical RAM: 3961.15 MB
Available physical RAM: 1917.52 MB
Total Pagefile: 7920.48 MB
Available Pagefile: 5679.86 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:117.28 GB) (Free:29.59 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 117 GB) (Disk ID: 192D5358)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=117 GB) - (Type=07 NTFS)

==================== End Of Log ============================
         

Hat sich erledigt, danke!

Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code: Alles auswählenAufklappen

ATTFilter

ProxyEnable: Internet Explorer proxy is enabled.
ProxyServer: http=127.0.0.1:50074;https=127.0.0.1:50074
HKU\S-1-5-21-1047542500-3454804941-1971452429-1000\...\Run: [InetStat] => C:\Users\spielzeugkiste\AppData\Roaming\InetStat\inetstat.exe [1259488 2014-06-03] ()
C:\Users\spielzeugkiste\AppData\Roaming\InetStat
         

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).

• Starte nun FRST erneut und klicke den Entfernen Button.
• Das Tool erstellt eine Fixlog.txt.
• Poste mir deren Inhalt.

Adware & Co. deinstallieren

• Lade Dir bitte von hier Revo Uninstaller herunter.
• Installiere und starte das Programm.
• Suche im Uninstallerfeld nach den Programmen, die unter:
  
  diesen Zusatz haben:
  
• Wähle die Programme nacheinander aus und klicke jedesmal auf Uninstall.
• Wähle anschließend den Modus "Moderat" aus.
  
• Reste löschen:
  Klicke auf dann auf und dann auf .

Solltest Du ein Programm nicht finden oder nicht deinstallieren können, mache bitte mit dem nächsten Schritt weiter:




Downloade Dir bitte Malwarebytes Anti-Malware

• Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
• Starte Malwarebytes' Anti-Malware (MBAM).
• Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
• Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
• Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
• Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
• Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
• Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.

Downloade Dir bitte AdwCleaner auf deinen Desktop.

• Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
• Starte die AdwCleaner.exe mit einem Doppelklick.
• Stimme den Nutzungsbedingungen zu.
• Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
  • "Tracing" Schlüssel löschen
  • Winsock Einstellungen zurücksetzen
  • Proxy Einstellungen zurücksetzen
  • Internet Explorer Richtlinien zurücksetzen
  • Chrome Richtlinien zurücksetzen
  • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
• Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
• Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
• Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
• Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

• Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
• Drücke eine beliebige Taste, um das Tool zu starten.
• Je nach System kann der Scan eine Weile dauern.
• Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
• Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.

und ein frisches FRST log bitte.