Win7 64bit "Windows Version installer, Continue VuuPC Installation, MyPC Backup, Advanced System Protector,..."

Joe04 · 01.07.2014, 22:14

Hallo liebe trojaner-board admins,

bin relativ gestresst und versuche mich beherrscht und zielorientiert zu äußern.

Habe heute irgend ein update runtergeladen (weiß nicht mehr wozu) und installiert.
Damit haben sich etliche andere Programme installiert und vordern mich ständig zum runterladen, updaten, ... auf.

Vor allem dieser "Windows Version Installer 2011-2014" macht mich völlig kirre.
Hab bisher nur versucht die Prozesse immer zu löschen... reicht natürlich nicht.
Bin also über google bei euch gelandet und hab schonmal probiert mich vorzubereiten.

Schritt 1 war nicht durchführbar. Defogger download ok. Der Installationsvorgang war ne katastrophe! Wohin installiert der? unendlich viel werbung. Mein Browser(Mozilla) wird relativ vollgespamt. Kann das Programm also nicht öffnen/finden.

Schritt 2 das Selbe. Sogar die download Datei ist die Selbe.

Fühl mich bei euch nicht wirklich gut aufgehoben.
Stark verunsichert und hab keine Nerven mehr.

deeprybka · 01.07.2014, 23:15

Mein Name ist Jürgen und ich werde Dir bei Deinem Problem behilflich sein. Zusammen schaffen wir das...

Bitte arbeite alle Schritte der Reihe nach ab.
Lese die Anleitungen sorgfältig durch bevor Du beginnst. Wenn es Probleme gibt oder Du etwas nicht verstehst, dann stoppe mit Deiner Ausführung und beschreibe mir das Problem.
Führe bitte nur Scans durch, zu denen Du von mir aufgefordert wurdest.
Bitte kein Crossposting (posten in mehreren Foren).
Installiere oder deinstalliere während der Bereinigung keine Software, außer Du wurdest dazu aufgefordert.
Speichere alle unsere Tools auf dem Desktop ab.
Poste die Logfiles direkt in Deinen Thread in Code-Tags.
Bedenke, dass wir hier alle während unserer Freizeit tätig sind, wenn du innerhalb von 24 Stunden nichts von mir liest, dann schreibe mir bitte eine PM.

Hinweis:
Ich kann Dir niemals eine Garantie geben, dass wir alle schädlichen Dateien finden werden.
Eine Formatierung ist meist der schnellere und immer der sicherste Weg, aber auch nur bei wirklicher Malware empfehlenswert.
Adware & Co. können wir sehr gut entfernen.
Solltest Du Dich für eine Bereinigung entscheiden, arbeite solange mit, bis Du mein clean bekommst.

Los geht's:

Schritt 1

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop:

FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)

Starte jetzt FRST.
Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)

Lesestoff
Posten in CODE-Tags: So gehts...
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert uns massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu groß für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:

Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
Klicke auf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.

Joe04 · 02.07.2014, 07:53

Hallo Jürgen,

würde mich selbst nicht unbedingt als völlig unfähig beschreiben aber gerade bist du meine letzte Hoffnung.
Habe versucht dieses FRST runterzuladen:
Die Datei hieß einfach nur "Setup" und hat weitere Programme bei mir installiert wie "System Speedup" und andere die ich nicht direkt erkenne.

Sollte FRST für "freeSOFTtoday" stehen, dann ist es installiert.
Das Programm scheint aber eher ein Download Programm zu sein für weitere Malware.

Komme nicht weiter:

Programm sieht so aus: siehe Anhang

Edit: Ok habs gerafft: Bin doch wohl zu blöd

Joe04 · 02.07.2014, 08:13

FRST Log:

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 01-07-2014
Ran by Joe (administrator) on JOE´S-PC on 02-07-2014 08:59:45
Running from C:\Users\Joe\Desktop
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Cherished Technololgy LIMITED) C:\ProgramData\IePluginServices\PluginService.exe
(Fuyu LIMITED) C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(HQTop-1.6) C:\Program Files (x86)\HQube-V1.6\29d989c7-1a71-4010-8cd0-9237e6a26eb4-10.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
() C:\Windows\SysWOW64\PnkBstrB.exe
() C:\Program Files (x86)\-Re_Markable\Re-markitSl174.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
() C:\Users\Joe\AppData\Roaming\VOPackage\VOsrv.exe
() C:\Program Files (x86)\CB78F643-3729-434F-8C25-F28D15F025F3\SupraSavingsService64.exe
(Sierra Wireless, Inc.) C:\Program Files (x86)\Sierra Wireless Inc\Common\SwiCardDetect64.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Vodafone) C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(SanDisk Corporation) C:\Users\Joe\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
(Client Connect LTD) C:\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe
(Client Connect LTD) C:\Program Files (x86)\SearchProtect\SearchProtect\bin\cltmng.exe
(Client Connect LTD) C:\Program Files (x86)\SearchProtect\UI\bin\cltmngui.exe
() C:\Program Files (x86)\Boost\BoostUpdater.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe
() C:\Program Files (x86)\fst_de_77\freeSoftToday_widget.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(Microsoft Corporation) C:\Windows\System32\mspaint.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\System32\LogiLDA.dll [1832760 2012-09-20] (Logitech, Inc.)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [750160 2014-07-01] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [MobileBroadband] => C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe [69632 2012-04-23] (Vodafone)
HKLM-x32\...\Run: [PWRISOVM.EXE] => C:\Program Files (x86)\PowerISO\PWRISOVM.EXE [336992 2012-12-09] (Power Software Ltd)
HKLM-x32\...\Run: [AnyProtect Scanner] => "C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe"
HKLM-x32\...\Run: [AnyProtect Tray] => "C:\Program Files (x86)\AnyProtectEx\AnyProtectTrayIcon.exe"
HKLM-x32\...\Run: [fst_de_77] => C:\Program Files (x86)\fst_de_77\fst_de_77.exe [3977696 2014-07-01] ()
HKLM-x32\...\RunOnce: [upfst_de_77.exe] - C:\Users\Joe\AppData\Local\fst_de_77\upfst_de_77.exe -runonce [3355128 2014-07-01] ()
HKU\S-1-5-21-2168211459-3127497666-3910615475-1000\...\Run: [SansaDispatch] => C:\Users\Joe\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe [613888 2014-03-14] (SanDisk Corporation)
HKU\S-1-5-21-2168211459-3127497666-3910615475-1000\...\MountPoints2: E - E:\autorun.exe
HKU\S-1-5-21-2168211459-3127497666-3910615475-1000\...\MountPoints2: F - F:\setup\rsrc\Autorun.exe
HKU\S-1-5-21-2168211459-3127497666-3910615475-1000\...\MountPoints2: G - G:\Setup.exe
HKU\S-1-5-21-2168211459-3127497666-3910615475-1000\...\MountPoints2: {48c51b64-9256-11e2-aa49-40618616ae65} - E:\LaunchU3.exe -a
HKU\S-1-5-21-2168211459-3127497666-3910615475-1000\...\MountPoints2: {d80a81e4-af04-11e0-bb5e-40618616ae65} - E:\Autorun.exe
AppInit_DLLs: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll => C:\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC64Loader.dll [220992 2014-06-26] (Client Connect LTD)
AppInit_DLLs:  C:\PROGRA~2\SupTab\SEARCH~2.DLL => C:\Program Files (x86)\SupTab\SearchProtect64.dll [102512 2014-05-08] (Skytech Co., Ltd.)
AppInit_DLLs-x32: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll => C:\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC32Loader.dll [182080 2014-06-26] (Client Connect LTD)
AppInit_DLLs-x32:  C:\PROGRA~2\SupTab\SEARCH~1.DLL => C:\Program Files (x86)\SupTab\SearchProtect32.dll [91248 2014-05-08] (Skytech Co., Ltd.)
Startup: C:\Users\Joe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\BoostUpdater.lnk
ShortcutTarget: BoostUpdater.lnk -> C:\Program Files (x86)\Boost\BoostUpdater.exe ()
Startup: C:\Users\Joe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk
ShortcutTarget: MyPC Backup.lnk -> C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe (MyPCBackup.com)
ShellIconOverlayIdentifiers:  SkyDrivePro1 (ErrorConflict) -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers:  SkyDrivePro2 (SyncInProgress) -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers:  SkyDrivePro3 (InSync) -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32:  SkyDrivePro1 (ErrorConflict) -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32:  SkyDrivePro2 (SyncInProgress) -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32:  SkyDrivePro3 (InSync) -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.trovigo.com/?gd=&ctid=CT3323829&octid=EB_ORIGINAL_CTID&ISID=ISID_ID&SearchSource=55&CUI=&UM=2&UP=SP71A161A1-22C1-44F0-B4D4-911652331E07&SSPV=
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x01ED3657BBCCCC01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://istart.webssearches.com/?type=hp&ts=1404224363&from=tugs&uid=WDCXWD5000BEVT-22ZAT0_WD-WX10A992850228502
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1404224363&from=tugs&uid=WDCXWD5000BEVT-22ZAT0_WD-WX10A992850228502&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://istart.webssearches.com/?type=hp&ts=1404224363&from=tugs&uid=WDCXWD5000BEVT-22ZAT0_WD-WX10A992850228502
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://istart.webssearches.com/?type=hp&ts=1404224363&from=tugs&uid=WDCXWD5000BEVT-22ZAT0_WD-WX10A992850228502
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://istart.webssearches.com/web/?type=ds&ts=1404224363&from=tugs&uid=WDCXWD5000BEVT-22ZAT0_WD-WX10A992850228502&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1404224363&from=tugs&uid=WDCXWD5000BEVT-22ZAT0_WD-WX10A992850228502&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://istart.webssearches.com/?type=hp&ts=1404224363&from=tugs&uid=WDCXWD5000BEVT-22ZAT0_WD-WX10A992850228502
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://istart.webssearches.com/?type=hp&ts=1404224363&from=tugs&uid=WDCXWD5000BEVT-22ZAT0_WD-WX10A992850228502
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://istart.webssearches.com/web/?type=ds&ts=1404224363&from=tugs&uid=WDCXWD5000BEVT-22ZAT0_WD-WX10A992850228502&q={searchTerms}
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe hxxp://istart.webssearches.com/?type=sc&ts=1404224363&from=tugs&uid=WDCXWD5000BEVT-22ZAT0_WD-WX10A992850228502
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1404224363&from=tugs&uid=WDCXWD5000BEVT-22ZAT0_WD-WX10A992850228502&q={searchTerms}
SearchScopes: HKLM - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1404224363&from=tugs&uid=WDCXWD5000BEVT-22ZAT0_WD-WX10A992850228502&q={searchTerms}
SearchScopes: HKLM-x32 - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1404224363&from=tugs&uid=WDCXWD5000BEVT-22ZAT0_WD-WX10A992850228502&q={searchTerms}
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1404224363&from=tugs&uid=WDCXWD5000BEVT-22ZAT0_WD-WX10A992850228502&q={searchTerms}
SearchScopes: HKLM-x32 - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2475029
SearchScopes: HKCU - DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://www.trovi.com/Results.aspx?gd=&ctid=CT3323829&octid=EB_ORIGINAL_CTID&ISID=M0446DDDA-D903-485F-9084-1221845C43AF&SearchSource=58&CUI=&UM=2&UP=SP71A161A1-22C1-44F0-B4D4-911652331E07&q={searchTerms}&SSPV=
SearchScopes: HKCU - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://www.trovi.com/Results.aspx?gd=&ctid=CT3323829&octid=EB_ORIGINAL_CTID&ISID=M0446DDDA-D903-485F-9084-1221845C43AF&SearchSource=58&CUI=&UM=2&UP=SP71A161A1-22C1-44F0-B4D4-911652331E07&q={searchTerms}&SSPV=
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://startsear.ch/?aff=1&src=sp&cf=1ffc10a6-3ece-11e1-98fe-40618616ae65&q={searchTerms}
SearchScopes: HKCU - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1404224363&from=tugs&uid=WDCXWD5000BEVT-22ZAT0_WD-WX10A992850228502&q={searchTerms}
SearchScopes: HKCU - {8C48B540-8632-4590-860D-52EA3B8FA5D0} URL = hxxp://searchya.com/?chnl=ft-102&s=1&cr=1723402304&cd=2XzutAtN2Y1L1QzuyEtDyCtCzzyCtCyC0A0EyCyDyC0B0FtCyBtN0D0TzutBtDtCtBtDtAtDtB&q={searchTerms}
SearchScopes: HKCU - {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxp://isearch.avg.com/search?cid={19E52E87-5213-4839-A0D1-55BAF38AF9B1}&mid=3d902113b17947d0ba769128c0f24796-ad1491be2ce6c122f6b66faa90e70c2decf7d34c&lang=de&ds=st011&pr=sa&d=2012-04-06 00:01:37&v=9.0.0.23&sap=dsp&q={searchTerms}
SearchScopes: HKCU - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2475029
SearchScopes: HKCU - {CFF4DB9B-135F-47c0-9269-B4C6572FD61A} URL = hxxp://mystart.incredibar.com/mb128/?search={searchTerms}&loc=IB_DS&a=6OyXdDHZIX&i=26
BHO: Complitly - {0FB6A909-6086-458F-BD92-1F8EE10042A0} - C:\Users\Joe\AppData\Roaming\Complitly\64\Complitly64.dll (SimplyGen)
BHO: Weather It Up - {11111111-1111-1111-1111-110411911136} - C:\Program Files (x86)\Weather It Up\Weather It Up-bho64.dll (Phoenix Media)
BHO: HQube-V1.6 - {11111111-1111-1111-1111-110511951168} - C:\Program Files (x86)\HQube-V1.6\HQube-V1.6-bho64.dll (HQTop-1.6)
BHO: video MediaPlay-Air - {11111111-1111-1111-1111-110511951199} - C:\Program Files (x86)\video MediaPlay-Air\video MediaPlay-Air-bho64.dll (enter)
BHO: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Citavi Picker - {609D670F-B735-4da7-AC6D-F3BD358E325E} - C:\Windows\system32\mscoree.dll (Microsoft Corporation)
BHO: Boost - {8DE6FC60-E023-4AD7-A3B7-591E1460E7F7} - C:\Program Files (x86)\Boost\64Boost.dll (Jigsaw)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Complitly - {0FB6A909-6086-458F-BD92-1F8EE10042A0} - C:\Users\Joe\AppData\Roaming\Complitly\Complitly.dll (SimplyGen)
BHO-x32: Weather It Up - {11111111-1111-1111-1111-110411911136} - C:\Program Files (x86)\Weather It Up\Weather It Up-bho.dll (Phoenix Media)
BHO-x32: HQube-V1.6 - {11111111-1111-1111-1111-110511951168} - C:\Program Files (x86)\HQube-V1.6\HQube-V1.6-bho.dll (HQTop-1.6)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll (Microsoft Corporation)
BHO-x32: IETabPage Class - {3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} - C:\Program Files (x86)\SupTab\SupTab.dll (Thinknice Co. Limited)
BHO-x32: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
BHO-x32: Citavi Picker - {609D670F-B735-4da7-AC6D-F3BD358E325E} - C:\Windows\SysWOW64\mscoree.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Re-markit - {78003AE2-BF98-28E5-D0E9-9353DBF27211} - C:\Program Files (x86)\-Re_Markable\174.dll ()
BHO-x32: IE5BarLauncherBHO Class - {78F3A323-798E-4AEA-9A57-88F4B05FD5DD} - C:\Program Files (x86)\vShare.tv plugin\BarLcher.dll (VShare Inc.)
BHO-x32: Boost - {8DE6FC60-E023-4AD7-A3B7-591E1460E7F7} - C:\Program Files (x86)\Boost\Boost.dll (Jigsaw)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM-x32 - VShareToolBar - {7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} - C:\Program Files (x86)\vShare.tv plugin\BarLcher.dll (VShare Inc.)
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
Toolbar: HKCU - No Name - {7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} -  No File
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{2EDCA1BE-6DA2-4813-BAD2-BB8E3AA6EE10}: [NameServer]139.7.30.125 139.7.30.126
Tcpip\..\Interfaces\{AF2A3D51-91A7-4FCA-AED4-CF72E6F4B1D9}: [NameServer]139.7.30.126 139.7.30.125
Tcpip\..\Interfaces\{B5127C26-120D-45E9-9400-A2380AAA4DC5}: [NameServer]139.7.30.126 139.7.30.125

FireFox:
========
FF ProfilePath: C:\Users\Joe\AppData\Roaming\Mozilla\Firefox\Profiles\iu55mij3.default
FF NewTab: chrome://quick_start/content/index.html
FF DefaultSearchEngine: webssearches
FF SearchEngineOrder.1: Web Search
FF SelectedSearchEngine: Google
FF Homepage: hxxp://istart.webssearches.com/?type=hp&ts=1404224363&from=tugs&uid=WDCXWD5000BEVT-22ZAT0_WD-WX10A992850228502
FF Keyword.URL: hxxp://mystart.incredibar.com/mb128/?loc=IB_DS&a=6OyXdDHZIX&&i=26&search=
FF NetworkProxy: "backup.ftp", "		23.241.35.39"
FF NetworkProxy: "backup.ftp_port", 30721
FF NetworkProxy: "backup.socks", "		23.241.35.39"
FF NetworkProxy: "backup.socks_port", 30721
FF NetworkProxy: "backup.ssl", "		23.241.35.39"
FF NetworkProxy: "backup.ssl_port", 30721
FF NetworkProxy: "ftp", "	97.80.60.62"
FF NetworkProxy: "ftp_port", 25628
FF NetworkProxy: "share_proxy_settings", true
FF NetworkProxy: "socks", "	97.80.60.62"
FF NetworkProxy: "socks_port", 25628
FF NetworkProxy: "ssl", "	97.80.60.62"
FF NetworkProxy: "ssl_port", 25628
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1167637.dll (Adobe Systems, Inc.)
FF Plugin-x32: @canon.com/EPPEX - C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.7.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.7.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @staging.google.com/globalUpdate Update;version=10 - C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll (globalUpdate)
FF Plugin-x32: @staging.google.com/globalUpdate Update;version=4 - C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll (globalUpdate)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @veetle.com/veetleCorePlugin,version=0.9.19 - C:\Program Files (x86)\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF Plugin-x32: @veetle.com/veetlePlayerPlugin,version=0.9.18 - C:\Program Files (x86)\Veetle\Player\npvlc.dll (Veetle Inc)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF user.js: detected! => C:\Users\Joe\AppData\Roaming\Mozilla\Firefox\Profiles\iu55mij3.default\user.js
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npvsharetvplg.dll (vShare.tv )
FF SearchPlugin: C:\Users\Joe\AppData\Roaming\Mozilla\Firefox\Profiles\iu55mij3.default\searchplugins\aol-web-search.xml
FF SearchPlugin: C:\Users\Joe\AppData\Roaming\Mozilla\Firefox\Profiles\iu55mij3.default\searchplugins\leo-deu-eng.xml
FF SearchPlugin: C:\Users\Joe\AppData\Roaming\Mozilla\Firefox\Profiles\iu55mij3.default\searchplugins\MyStart Search.xml
FF SearchPlugin: C:\Users\Joe\AppData\Roaming\Mozilla\Firefox\Profiles\iu55mij3.default\searchplugins\searchya.xml
FF SearchPlugin: C:\Users\Joe\AppData\Roaming\Mozilla\Firefox\Profiles\iu55mij3.default\searchplugins\startsear.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\avg-secure-search.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\webssearches.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
FF Extension: Weather It Up - C:\Users\Joe\AppData\Roaming\Mozilla\Firefox\Profiles\iu55mij3.default\Extensions\18c3bc7a-b2aa-43c1-885a-665d2f25cf89@d6802e59-3519-4428-bef7-bce888d550bb.com [2014-07-02]
FF Extension: DoNotTrackMe: Online Privacy Protection - C:\Users\Joe\AppData\Roaming\Mozilla\Firefox\Profiles\iu55mij3.default\Extensions\donottrackplus@abine.com [2014-07-02]
FF Extension: HQube-V1.6 - C:\Users\Joe\AppData\Roaming\Mozilla\Firefox\Profiles\iu55mij3.default\Extensions\f80af4ec-42b9-429d-99b0-4078ec7cf864@44882d20-8865-4b13-b79e-ae8470d9a955.com [2014-07-01]
FF Extension: Fast Start - C:\Users\Joe\AppData\Roaming\Mozilla\Firefox\Profiles\iu55mij3.default\Extensions\faststartff@gmail.com [2014-07-01]
FF Extension: video MediaPlay-Air - C:\Users\Joe\AppData\Roaming\Mozilla\Firefox\Profiles\iu55mij3.default\Extensions\ff806580-6db3-4c09-ba06-d6caf0e99172@8453cb25-7fef-4ed5-8934-b08be5605617.com [2014-07-01]
FF Extension: incredibar.com - C:\Users\Joe\AppData\Roaming\Mozilla\Firefox\Profiles\iu55mij3.default\Extensions\ffxtlbr@incredibar.com [2012-12-15]
FF Extension: ProxTube - Unblock YouTube - C:\Users\Joe\AppData\Roaming\Mozilla\Firefox\Profiles\iu55mij3.default\Extensions\ich@maltegoetz.de [2014-05-23]
FF Extension: No Name - C:\Users\Joe\AppData\Roaming\Mozilla\Firefox\Profiles\iu55mij3.default\Extensions\staged [2014-07-02]
FF Extension: YouTube Unblocker - C:\Users\Joe\AppData\Roaming\Mozilla\Firefox\Profiles\iu55mij3.default\Extensions\youtubeunblocker@unblocker.yt [2014-05-23]
FF Extension: Winamp Toolbar - C:\Users\Joe\AppData\Roaming\Mozilla\Firefox\Profiles\iu55mij3.default\Extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f} [2013-02-25]
FF Extension: Temp Installer - C:\Users\Joe\AppData\Roaming\Mozilla\Firefox\Profiles\iu55mij3.default\Extensions\{77868449-f49d-d6ec-3145-e651161b1ff8} [2014-07-02]
FF Extension: Adblock Plus Pop-up Addon - C:\Users\Joe\AppData\Roaming\Mozilla\Firefox\Profiles\iu55mij3.default\Extensions\adblockpopups@jessehakanen.net.xpi [2014-05-13]
FF Extension: Boost - C:\Users\Joe\AppData\Roaming\Mozilla\Firefox\Profiles\iu55mij3.default\Extensions\boost@boost.net.xpi [2014-05-16]
FF Extension: FreeHDSport.TV - C:\Users\Joe\AppData\Roaming\Mozilla\Firefox\Profiles\iu55mij3.default\Extensions\freehdsport@freehdsport.tv.xpi [2013-01-26]
FF Extension: Grooveshark Unlocker - C:\Users\Joe\AppData\Roaming\Mozilla\Firefox\Profiles\iu55mij3.default\Extensions\groovesharkUnlocker@overlord1337.xpi [2012-01-30]
FF Extension: NASA Night Launch - C:\Users\Joe\AppData\Roaming\Mozilla\Firefox\Profiles\iu55mij3.default\Extensions\nasanightlaunch@example.com.xpi [2012-12-03]
FF Extension: vshare Add-On - C:\Users\Joe\AppData\Roaming\Mozilla\Firefox\Profiles\iu55mij3.default\Extensions\{dd05fd3d-18df-4ce4-ae53-e795339c5f01}.xpi [2011-09-10]
FF HKLM\...\Firefox\Extensions: [{336D0C35-8A85-403a-B9D2-65C292C39087}] - C:\Program Files\IB Updater\Firefox
FF HKLM-x32\...\Firefox\Extensions: [{336D0C35-8A85-403a-B9D2-65C292C39087}] - C:\Program Files\IB Updater\Firefox
FF HKLM-x32\...\Firefox\Extensions: [ff-bmboc@bytemobile.com] - C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Optimization Client\addon
FF Extension: Bytemobile Optimization Client - C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Optimization Client\addon [2013-09-12]
FF HKLM-x32\...\Firefox\Extensions: [{8AA36F4F-6DC7-4c06-77AF-5035170634FE}] - C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox
FF Extension: Citavi Picker - C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox [2014-06-23]
FF HKLM-x32\...\Firefox\Extensions: [faststartff@gmail.com] - C:\Users\Joe\AppData\Roaming\Mozilla\Firefox\Profiles\iu55mij3.default\extensions\faststartff@gmail.com
FF Extension: Fast Start - C:\Users\Joe\AppData\Roaming\Mozilla\Firefox\Profiles\iu55mij3.default\extensions\faststartff@gmail.com [2014-07-01]
FF HKCU\...\Firefox\Extensions: [{9A207F60-3F1C-4ED0-972D-0A4CDFBFF803}] - C:\Users\Joe\AppData\Roaming\13001.028
FF Extension: Java Link Helper - C:\Users\Joe\AppData\Roaming\13001.028 [2012-07-22]
FF HKCU\...\Firefox\Extensions: [{0938DD4D-EE2E-3D74-5FDB-CA08609ADE35}] - C:\Program Files (x86)\-Re_Markable\174.xpi
FF Extension: No Name - C:\Program Files (x86)\-Re_Markable\174.xpi [2014-07-01]
FF StartMenuInternet: FIREFOX.EXE - C:\Program Files (x86)\Mozilla Firefox\firefox.exe hxxp://istart.webssearches.com/?type=sc&ts=1404224363&from=tugs&uid=WDCXWD5000BEVT-22ZAT0_WD-WX10A992850228502

==================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [430160 2014-07-01] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [430160 2014-07-01] (Avira Operations GmbH & Co. KG)
S4 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [1028688 2014-07-01] (Avira Operations GmbH & Co. KG)
S2 BackupStack; C:\Program Files (x86)\MyPC Backup\BackupStack.exe [36424 2014-06-18] (Just Develop It)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2279608 2014-05-21] (Microsoft Corporation)
R2 CltMngSvc; C:\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe [2832704 2014-06-26] (Client Connect LTD)
S2 globalUpdate; C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe [68608 2014-07-02] (globalUpdate) [File not signed]
S3 globalUpdatem; C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe [68608 2014-07-02] (globalUpdate) [File not signed]
R2 IePluginServices; C:\ProgramData\IePluginServices\PluginService.exe [704112 2014-05-08] (Cherished Technololgy LIMITED)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [284912 2013-11-20] ()
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2009-05-14] (Hewlett-Packard) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2009-05-14] (Hewlett-Packard) [File not signed]
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [75064 2014-04-21] ()
R2 PnkBstrB; C:\Windows\SysWOW64\PnkBstrB.exe [214520 2014-04-21] ()
U2 Re-Markable; C:\Program Files (x86)\-Re_Markable\Re-markitSl174.exe [179200 2014-07-01] () [File not signed]
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [117264 2010-06-25] (CACE Technologies, Inc.)
R2 servervo; C:\Users\Joe\AppData\Roaming\VOPackage\VOsrv.exe [73216 2014-07-01] () [File not signed]
R2 SupraSavingsService64; C:\Program Files (x86)\CB78F643-3729-434F-8C25-F28D15F025F3\SupraSavingsService64.exe [172544 2014-07-01] () [File not signed]
R2 SwiCardDetectSvc; C:\Program Files (x86)\Sierra Wireless Inc\Common\SwiCardDetect64.exe [317296 2011-06-24] (Sierra Wireless, Inc.)
R2 VmbService; C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe [8704 2012-04-23] (Vodafone) [File not signed]
R2 WindowsMangerProtect; C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe [535936 2014-07-01] (Fuyu LIMITED)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3674864 2013-11-20] (Intel® Corporation)

==================== Drivers (Whitelisted) ====================

R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [314016 2012-11-02] ()
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [117712 2014-07-01] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [130584 2014-06-03] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-10-01] (Avira Operations GmbH & Co. KG)
R0 BMLoad; C:\Windows\System32\drivers\BMLoad.sys [16552 2013-09-12] (Bytemobile, Inc.) [File not signed]
S3 ewusbnet; C:\Windows\System32\DRIVERS\ewusbnet.sys [422400 2012-04-20] (Huawei Technologies Co., Ltd.)
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [43680 2012-11-02] ()
R1 netfilter64; C:\Windows\System32\drivers\netfilter64.sys [46376 2014-06-12] (NetFilterSDK.com)
R2 NPF; C:\Windows\System32\drivers\npf.sys [35344 2010-06-25] (CACE Technologies, Inc.)
R1 tcpipBM; C:\Windows\system32\drivers\tcpipBM.sys [39592 2013-09-12] (Bytemobile, Inc.) [File not signed]
U5 UnlockerDriver5; C:\Program Files\Unlocker\UnlockerDriver5.sys [12352 2010-07-01] ()

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-07-02 08:59 - 2014-07-02 09:01 - 00031547 _____ () C:\Users\Joe\Desktop\FRST.txt
2014-07-02 08:59 - 2014-07-02 08:59 - 02083840 _____ (Farbar) C:\Users\Joe\Desktop\FRST64.exe
2014-07-02 08:59 - 2014-07-02 08:59 - 00000000 ____D () C:\FRST
2014-07-02 08:38 - 2014-07-02 08:38 - 00000000 ____D () C:\Users\Joe\AppData\Local\freeSOFTtoday
2014-07-02 08:36 - 2014-07-02 08:36 - 00003132 _____ () C:\Windows\System32\Tasks\System Speedup
2014-07-02 08:36 - 2014-07-02 08:36 - 00003026 _____ () C:\Windows\System32\Tasks\System Speedup_UPDATES
2014-07-02 08:36 - 2014-07-02 08:36 - 00002870 _____ () C:\Windows\System32\Tasks\System Speedup_DEFAULT
2014-07-02 08:36 - 2014-07-02 08:36 - 00000288 _____ () C:\Windows\Tasks\System Speedup_UPDATES.job
2014-07-02 08:36 - 2014-07-02 08:36 - 00000280 _____ () C:\Windows\Tasks\System Speedup_DEFAULT.job
2014-07-02 08:36 - 2014-07-02 08:36 - 00000000 ____D () C:\Program Files (x86)\Boost
2014-07-02 08:35 - 2014-07-02 08:38 - 00000000 ____D () C:\Users\Joe\AppData\Roaming\System Speedup
2014-07-02 08:35 - 2014-07-02 08:35 - 00004516 _____ () C:\Windows\System32\Tasks\9ac29ed9-d605-445d-ab51-5460993c2e60-1
2014-07-02 08:35 - 2014-07-02 08:35 - 00004440 _____ () C:\Windows\System32\Tasks\9ac29ed9-d605-445d-ab51-5460993c2e60-5
2014-07-02 08:35 - 2014-07-02 08:35 - 00004350 _____ () C:\Windows\System32\Tasks\9ac29ed9-d605-445d-ab51-5460993c2e60-2
2014-07-02 08:35 - 2014-07-02 08:35 - 00001410 _____ () C:\Windows\Tasks\9ac29ed9-d605-445d-ab51-5460993c2e60-5.job
2014-07-02 08:35 - 2014-07-02 08:35 - 00001320 _____ () C:\Windows\Tasks\9ac29ed9-d605-445d-ab51-5460993c2e60-2.job
2014-07-02 08:35 - 2014-07-02 08:35 - 00001038 _____ () C:\Users\Public\Desktop\System Speedup.lnk
2014-07-02 08:35 - 2014-07-02 08:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Speedup
2014-07-02 08:35 - 2014-07-02 08:35 - 00000000 ____D () C:\Program Files (x86)\System Speedup
2014-07-02 08:34 - 2014-07-02 08:35 - 00001486 _____ () C:\Windows\Tasks\9ac29ed9-d605-445d-ab51-5460993c2e60-1.job
2014-07-02 08:34 - 2014-07-02 08:35 - 00000000 ____D () C:\Program Files (x86)\Weather It Up
2014-07-02 08:34 - 2014-07-02 08:34 - 00006826 _____ () C:\Windows\System32\Tasks\9ac29ed9-d605-445d-ab51-5460993c2e60-11
2014-07-02 08:34 - 2014-07-02 08:34 - 00005330 _____ () C:\Windows\System32\Tasks\9ac29ed9-d605-445d-ab51-5460993c2e60-4
2014-07-02 08:34 - 2014-07-02 08:34 - 00003796 _____ () C:\Windows\Tasks\9ac29ed9-d605-445d-ab51-5460993c2e60-11.job
2014-07-02 08:34 - 2014-07-02 08:34 - 00002300 _____ () C:\Windows\Tasks\9ac29ed9-d605-445d-ab51-5460993c2e60-4.job
2014-07-02 08:31 - 2014-07-02 08:31 - 00227120 _____ (Fusion Install ) C:\Users\Joe\Desktop\Setup.exe
2014-07-02 07:59 - 2014-07-02 07:59 - 00001933 _____ () C:\Users\Joe\Desktop\Sync Folder.lnk
2014-07-01 22:45 - 2014-07-02 07:58 - 00003120 _____ () C:\Windows\System32\Tasks\Advanced System Protector_startup
2014-07-01 22:45 - 2014-07-01 22:45 - 00001051 _____ () C:\Users\Joe\Desktop\MyPC Backup.lnk
2014-07-01 22:45 - 2014-07-01 22:45 - 00000000 ____D () C:\Users\Joe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MyPC Backup
2014-07-01 22:44 - 2014-07-02 07:59 - 00000000 ____D () C:\Program Files (x86)\MyPC Backup
2014-07-01 22:44 - 2014-07-01 22:46 - 00000000 ____D () C:\Users\Joe\AppData\Roaming\systweak
2014-07-01 22:44 - 2014-07-01 22:44 - 00003312 _____ () C:\Windows\System32\Tasks\Advanced System Protector
2014-07-01 22:44 - 2014-07-01 22:44 - 00001165 _____ () C:\Users\Public\Desktop\Advanced System Protector.lnk
2014-07-01 22:44 - 2014-07-01 22:44 - 00000000 ____D () C:\ProgramData\Systweak
2014-07-01 22:44 - 2014-07-01 22:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced System Protector
2014-07-01 22:44 - 2014-07-01 22:44 - 00000000 ____D () C:\Program Files (x86)\Advanced System Protector
2014-07-01 22:44 - 2013-12-13 17:53 - 00019544 _____ (System Speedup) C:\Windows\system32\roboot64.exe
2014-07-01 22:44 - 2012-07-25 12:03 - 00016896 _____ () C:\Windows\system32\sasnative64.exe
2014-07-01 22:43 - 2014-07-02 08:12 - 00000000 ____D () C:\Program Files\suprasavings
2014-07-01 22:43 - 2014-07-01 22:43 - 00000000 ____D () C:\Program Files (x86)\CB78F643-3729-434F-8C25-F28D15F025F3
2014-07-01 22:42 - 2014-07-02 08:14 - 00000000 ____D () C:\Program Files\003
2014-07-01 22:41 - 2014-07-02 08:33 - 00000000 ____D () C:\Program Files (x86)\SearchProtect
2014-07-01 22:29 - 2014-07-01 22:29 - 00000000 ____D () C:\Users\Joe\AppData\Local\webinternetsecurity
2014-07-01 22:18 - 2014-07-02 08:14 - 00000000 ____D () C:\Users\Joe\Desktop\Anti
2014-07-01 22:06 - 2014-07-02 08:01 - 00000000 ____D () C:\Users\Joe\AppData\Local\fst_de_77
2014-07-01 22:06 - 2014-07-01 22:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FrEeSoFtOdAy
2014-07-01 22:06 - 2014-07-01 22:06 - 00000000 ____D () C:\Program Files (x86)\fst_de_77
2014-07-01 16:33 - 2014-07-01 16:33 - 00003164 _____ () C:\Windows\System32\Tasks\{908B9EC9-1106-4C32-A877-84E0562A3798}
2014-07-01 16:32 - 2014-07-02 08:26 - 00001047 _____ () C:\Users\Joe\Desktop\Continue VuuPC Installation.lnk
2014-07-01 16:26 - 2014-07-01 16:26 - 00000000 ____D () C:\ProgramData\374311380
2014-07-01 16:22 - 2014-07-02 07:55 - 00001422 _____ () C:\Windows\Tasks\29d989c7-1a71-4010-8cd0-9237e6a26eb4-5.job
2014-07-01 16:22 - 2014-07-01 21:52 - 00000376 _____ () C:\Windows\Tasks\APSnotifierPP3.job
2014-07-01 16:22 - 2014-07-01 21:52 - 00000376 _____ () C:\Windows\Tasks\APSnotifierPP2.job
2014-07-01 16:22 - 2014-07-01 16:42 - 00000378 _____ () C:\Windows\Tasks\APSnotifierPP1.job
2014-07-01 16:22 - 2014-07-01 16:23 - 00000320 _____ () C:\Users\Joe\AppData\Roaming\aps.uninstall.scan.results
2014-07-01 16:22 - 2014-07-01 16:22 - 00004452 _____ () C:\Windows\System32\Tasks\29d989c7-1a71-4010-8cd0-9237e6a26eb4-5
2014-07-01 16:22 - 2014-07-01 16:22 - 00002824 _____ () C:\Windows\System32\Tasks\APSnotifierPP1
2014-07-01 16:22 - 2014-07-01 16:22 - 00002822 _____ () C:\Windows\System32\Tasks\APSnotifierPP3
2014-07-01 16:22 - 2014-07-01 16:22 - 00002822 _____ () C:\Windows\System32\Tasks\APSnotifierPP2
2014-07-01 16:22 - 2014-07-01 16:22 - 00001442 _____ () C:\Windows\Tasks\29d989c7-1a71-4010-8cd0-9237e6a26eb4-5_user.job
2014-07-01 16:22 - 2014-07-01 16:22 - 00000000 ____D () C:\Users\Joe\AppData\Local\com
2014-07-01 16:21 - 2014-07-02 07:55 - 00001524 _____ () C:\Windows\Tasks\7c0ceb46-411a-472a-9df7-f9c248bbe900-5.job
2014-07-01 16:21 - 2014-07-02 07:55 - 00001512 _____ () C:\Windows\Tasks\29d989c7-1a71-4010-8cd0-9237e6a26eb4-1.job
2014-07-01 16:21 - 2014-07-02 07:55 - 00001432 _____ () C:\Windows\Tasks\7c0ceb46-411a-472a-9df7-f9c248bbe900-2.job
2014-07-01 16:21 - 2014-07-02 07:55 - 00001330 _____ () C:\Windows\Tasks\29d989c7-1a71-4010-8cd0-9237e6a26eb4-2.job
2014-07-01 16:21 - 2014-07-02 07:55 - 00001250 _____ () C:\Windows\Tasks\29d989c7-1a71-4010-8cd0-9237e6a26eb4-10.job
2014-07-01 16:21 - 2014-07-01 16:22 - 00004554 _____ () C:\Windows\System32\Tasks\7c0ceb46-411a-472a-9df7-f9c248bbe900-5
2014-07-01 16:21 - 2014-07-01 16:22 - 00004280 _____ () C:\Windows\System32\Tasks\29d989c7-1a71-4010-8cd0-9237e6a26eb4-10
2014-07-01 16:21 - 2014-07-01 16:21 - 00623768 _____ (Click Me In Limited) C:\Users\Joe\AppData\Local\nsxFA0B.tmp
2014-07-01 16:21 - 2014-07-01 16:21 - 00004542 _____ () C:\Windows\System32\Tasks\29d989c7-1a71-4010-8cd0-9237e6a26eb4-1
2014-07-01 16:21 - 2014-07-01 16:21 - 00004462 _____ () C:\Windows\System32\Tasks\7c0ceb46-411a-472a-9df7-f9c248bbe900-2
2014-07-01 16:21 - 2014-07-01 16:21 - 00004360 _____ () C:\Windows\System32\Tasks\29d989c7-1a71-4010-8cd0-9237e6a26eb4-2
2014-07-01 16:21 - 2014-07-01 16:21 - 00001544 _____ () C:\Windows\Tasks\7c0ceb46-411a-472a-9df7-f9c248bbe900-5_user.job
2014-07-01 16:20 - 2014-07-02 08:34 - 00003944 _____ () C:\Windows\System32\Tasks\globalUpdateUpdateTaskMachineUA
2014-07-01 16:20 - 2014-07-02 07:55 - 00002178 _____ () C:\Windows\Tasks\29d989c7-1a71-4010-8cd0-9237e6a26eb4-4.job
2014-07-01 16:20 - 2014-07-02 07:55 - 00001650 _____ () C:\Windows\Tasks\7c0ceb46-411a-472a-9df7-f9c248bbe900-1.job
2014-07-01 16:20 - 2014-07-01 16:21 - 00004680 _____ () C:\Windows\System32\Tasks\7c0ceb46-411a-472a-9df7-f9c248bbe900-1
2014-07-01 16:20 - 2014-07-01 16:21 - 00000000 ____D () C:\ProgramData\IePluginServices
2014-07-01 16:20 - 2014-07-01 16:20 - 00005296 _____ () C:\Windows\System32\Tasks\7c0ceb46-411a-472a-9df7-f9c248bbe900-4
2014-07-01 16:20 - 2014-07-01 16:20 - 00005208 _____ () C:\Windows\System32\Tasks\29d989c7-1a71-4010-8cd0-9237e6a26eb4-4
2014-07-01 16:20 - 2014-07-01 16:20 - 00000000 ____D () C:\Users\Joe\AppData\Roaming\VOPackage
2014-07-01 16:20 - 2014-07-01 16:20 - 00000000 ____D () C:\Users\Joe\AppData\Roaming\SupTab
2014-07-01 16:20 - 2014-07-01 16:20 - 00000000 ____D () C:\Users\Joe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VOPackage
2014-07-01 16:20 - 2014-07-01 16:20 - 00000000 ____D () C:\ProgramData\WindowsMangerProtect
2014-07-01 16:20 - 2014-07-01 16:20 - 00000000 ____D () C:\Program Files (x86)\SupTab
2014-07-01 16:19 - 2014-07-02 08:39 - 00000946 _____ () C:\Windows\Tasks\globalUpdateUpdateTaskMachineUA.job
2014-07-01 16:19 - 2014-07-02 08:39 - 00000942 _____ () C:\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job
2014-07-01 16:19 - 2014-07-02 08:34 - 00003690 _____ () C:\Windows\System32\Tasks\globalUpdateUpdateTaskMachineCore
2014-07-01 16:19 - 2014-07-02 08:15 - 00000000 ____D () C:\Program Files (x86)\video MediaPlay-Air
2014-07-01 16:19 - 2014-07-02 08:15 - 00000000 ____D () C:\Program Files (x86)\HQube-V1.6
2014-07-01 16:19 - 2014-07-02 08:02 - 00000378 _____ () C:\Windows\Tasks\Re-markit_wd.job
2014-07-01 16:19 - 2014-07-02 07:55 - 00003804 _____ () C:\Windows\Tasks\7c0ceb46-411a-472a-9df7-f9c248bbe900-11.job
2014-07-01 16:19 - 2014-07-02 07:55 - 00003442 _____ () C:\Windows\Tasks\29d989c7-1a71-4010-8cd0-9237e6a26eb4-11.job
2014-07-01 16:19 - 2014-07-02 07:55 - 00003104 _____ () C:\Windows\Tasks\29d989c7-1a71-4010-8cd0-9237e6a26eb4-3.job
2014-07-01 16:19 - 2014-07-02 07:55 - 00002434 _____ () C:\Windows\Tasks\7c0ceb46-411a-472a-9df7-f9c248bbe900-3.job
2014-07-01 16:19 - 2014-07-02 07:55 - 00002266 _____ () C:\Windows\Tasks\7c0ceb46-411a-472a-9df7-f9c248bbe900-4.job
2014-07-01 16:19 - 2014-07-02 07:55 - 00000400 _____ () C:\Windows\Tasks\Re-markit Update.job
2014-07-01 16:19 - 2014-07-01 16:26 - 00000000 ____D () C:\ProgramData\TEMP
2014-07-01 16:19 - 2014-07-01 16:20 - 00006834 _____ () C:\Windows\System32\Tasks\7c0ceb46-411a-472a-9df7-f9c248bbe900-11
2014-07-01 16:19 - 2014-07-01 16:20 - 00006472 _____ () C:\Windows\System32\Tasks\29d989c7-1a71-4010-8cd0-9237e6a26eb4-11
2014-07-01 16:19 - 2014-07-01 16:20 - 00006134 _____ () C:\Windows\System32\Tasks\29d989c7-1a71-4010-8cd0-9237e6a26eb4-3
2014-07-01 16:19 - 2014-07-01 16:19 - 00005464 _____ () C:\Windows\System32\Tasks\7c0ceb46-411a-472a-9df7-f9c248bbe900-3
2014-07-01 16:19 - 2014-07-01 16:19 - 00003044 _____ () C:\Windows\System32\Tasks\Re-markit Update
2014-07-01 16:19 - 2014-07-01 16:19 - 00002962 _____ () C:\Windows\System32\Tasks\Re-markit_wd
2014-07-01 16:19 - 2014-07-01 16:19 - 00000512 __RSH () C:\ProgramData\ntuser.pol
2014-07-01 16:19 - 2014-07-01 16:19 - 00000000 ____D () C:\Users\Joe\Documents\Optimizer Pro
2014-07-01 16:19 - 2014-07-01 16:19 - 00000000 ____D () C:\Users\Joe\AppData\Local\globalUpdate
2014-07-01 16:19 - 2014-07-01 16:19 - 00000000 ____D () C:\Program Files (x86)\-Re_Markable
2014-07-01 16:19 - 2014-07-01 16:19 - 00000000 ____D () C:\Program Files (x86)\globalUpdate
2014-07-01 16:17 - 2014-07-01 22:42 - 00000000 ____D () C:\Users\Joe\AppData\Local\SearchProtect
2014-07-01 16:17 - 2014-07-01 16:17 - 00000000 _____ () C:\END
2014-06-30 15:19 - 2014-06-30 15:19 - 00000000 ____D () C:\Users\Joe\AppData\Roaming\Intel
2014-06-30 15:18 - 2014-06-30 15:18 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel PROSet Wireless
2014-06-30 15:18 - 2014-06-30 15:18 - 00000000 ____D () C:\ProgramData\Intel
2014-06-30 15:18 - 2014-06-30 15:18 - 00000000 ____D () C:\Program Files\Common Files\Intel
2014-06-30 15:18 - 2014-06-30 15:18 - 00000000 ____D () C:\Program Files (x86)\Intel
2014-06-30 15:18 - 2014-06-30 15:18 - 00000000 ____D () C:\Program Files (x86)\Cisco
2014-06-30 15:17 - 2014-06-30 15:18 - 00008990 _____ () C:\Windows\DPINST.LOG
2014-06-30 15:17 - 2014-06-30 15:18 - 00000000 ____D () C:\Program Files\Intel
2014-06-30 15:17 - 2014-06-30 15:17 - 00000000 ____D () C:\ProgramData\Package Cache
2014-06-24 22:01 - 2012-03-14 05:00 - 00385024 _____ (CANON INC.) C:\Windows\system32\CNMLMAT.DLL
2014-06-24 22:01 - 2011-03-31 10:07 - 00302080 _____ (CANON INC.) C:\Windows\system32\CNC_ATC.dll
2014-06-24 22:01 - 2011-03-31 10:06 - 00112128 _____ (CANON INC.) C:\Windows\system32\CNC_ATI.dll
2014-06-24 22:01 - 2011-03-30 12:55 - 00373248 _____ (CANON INC.) C:\Windows\system32\CNC_ATL.dll
2014-06-24 22:01 - 2010-11-12 11:13 - 00068096 _____ () C:\Windows\system32\CNC1754D.TBL
2014-06-24 22:01 - 2008-08-25 18:02 - 00017920 _____ (CANON INC.) C:\Windows\system32\CNHMCA6.dll
2014-06-23 18:28 - 2014-06-23 18:28 - 00000000 ____D () C:\ProgramData\Gibraltar
2014-06-23 18:25 - 2014-06-23 18:25 - 00000000 ____D () C:\Users\Joe\AppData\Local\Swiss Academic Software
2014-06-23 18:24 - 2014-07-01 14:53 - 00000000 ____D () C:\Users\Joe\Documents\Citavi 4
2014-06-23 18:24 - 2014-06-23 18:28 - 00000000 ____D () C:\Users\Joe\AppData\Roaming\Swiss Academic Software
2014-06-23 18:21 - 2014-06-23 18:22 - 00000000 ____D () C:\ProgramData\Swiss Academic Software
2014-06-23 18:21 - 2014-06-23 18:21 - 00001909 _____ () C:\Users\Public\Desktop\Citavi 4.lnk
2014-06-23 18:21 - 2014-06-23 18:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Citavi 4
2014-06-23 18:20 - 2014-06-23 18:21 - 00000000 ____D () C:\Program Files (x86)\Citavi 4
2014-06-23 18:14 - 2014-06-23 18:15 - 88342536 _____ (Swiss Academic Software) C:\Users\Joe\Downloads\Citavi4Setup.exe
2014-06-12 21:05 - 2014-06-12 21:05 - 00046376 _____ (NetFilterSDK.com) C:\Windows\system32\Drivers\netfilter64.sys
2014-06-11 19:27 - 2014-05-30 12:21 - 23414784 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-06-11 19:27 - 2014-05-30 12:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-06-11 19:27 - 2014-05-30 12:02 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-06-11 19:27 - 2014-05-30 11:45 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-06-11 19:27 - 2014-05-30 11:39 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-06-11 19:27 - 2014-05-30 11:39 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-06-11 19:27 - 2014-05-30 11:38 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-06-11 19:27 - 2014-05-30 11:28 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-06-11 19:27 - 2014-05-30 11:27 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-06-11 19:27 - 2014-05-30 11:24 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-06-11 19:27 - 2014-05-30 11:21 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-06-11 19:27 - 2014-05-30 11:21 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-06-11 19:27 - 2014-05-30 11:20 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-06-11 19:27 - 2014-05-30 11:18 - 17271296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-06-11 19:27 - 2014-05-30 11:11 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-06-11 19:27 - 2014-05-30 11:08 - 05782528 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-06-11 19:27 - 2014-05-30 11:06 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-06-11 19:27 - 2014-05-30 11:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-06-11 19:27 - 2014-05-30 10:55 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-06-11 19:27 - 2014-05-30 10:49 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-06-11 19:27 - 2014-05-30 10:46 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-06-11 19:27 - 2014-05-30 10:44 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-06-11 19:27 - 2014-05-30 10:44 - 00295424 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-06-11 19:27 - 2014-05-30 10:43 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-06-11 19:27 - 2014-05-30 10:42 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-06-11 19:27 - 2014-05-30 10:38 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-06-11 19:27 - 2014-05-30 10:35 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-06-11 19:27 - 2014-05-30 10:34 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-06-11 19:27 - 2014-05-30 10:33 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-06-11 19:27 - 2014-05-30 10:30 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-06-11 19:27 - 2014-05-30 10:29 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-06-11 19:27 - 2014-05-30 10:28 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-06-11 19:27 - 2014-05-30 10:27 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-06-11 19:27 - 2014-05-30 10:24 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-06-11 19:27 - 2014-05-30 10:23 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-06-11 19:27 - 2014-05-30 10:16 - 00368128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-06-11 19:27 - 2014-05-30 10:10 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-06-11 19:27 - 2014-05-30 10:06 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-06-11 19:27 - 2014-05-30 10:04 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-06-11 19:27 - 2014-05-30 10:02 - 00242688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-06-11 19:27 - 2014-05-30 09:56 - 04244992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-06-11 19:27 - 2014-05-30 09:56 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-06-11 19:27 - 2014-05-30 09:54 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-06-11 19:27 - 2014-05-30 09:50 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-06-11 19:27 - 2014-05-30 09:49 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-06-11 19:27 - 2014-05-30 09:43 - 13522944 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-06-11 19:27 - 2014-05-30 09:40 - 11725312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-06-11 19:27 - 2014-05-30 09:30 - 01398272 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-06-11 19:27 - 2014-05-30 09:21 - 01790976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-06-11 19:27 - 2014-05-30 09:15 - 01143296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-06-11 19:27 - 2014-05-30 09:13 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-06-11 19:27 - 2014-05-30 09:13 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-06-11 19:27 - 2014-04-25 04:34 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2014-06-11 19:27 - 2014-04-25 04:06 - 00626688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll
2014-06-11 19:27 - 2014-04-05 04:47 - 01903552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2014-06-11 19:27 - 2014-04-05 04:47 - 00288192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2014-06-11 19:27 - 2014-03-26 16:44 - 02002432 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2014-06-11 19:27 - 2014-03-26 16:44 - 01882112 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-06-11 19:27 - 2014-03-26 16:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
2014-06-11 19:27 - 2014-03-26 16:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-06-11 19:27 - 2014-03-26 16:27 - 01389056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2014-06-11 19:27 - 2014-03-26 16:27 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-06-11 19:27 - 2014-03-26 16:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6r.dll
2014-06-11 19:27 - 2014-03-26 16:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-06-11 19:25 - 2014-06-08 11:13 - 00506368 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-06-11 19:25 - 2014-06-08 11:08 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-06-03 14:53 - 2014-06-03 14:53 - 00000000 ____D () C:\Users\Joe\AppData\Local\Adobe

==================== One Month Modified Files and Folders =======

2014-07-02 09:01 - 2014-07-02 08:59 - 00031547 _____ () C:\Users\Joe\Desktop\FRST.txt
2014-07-02 08:59 - 2014-07-02 08:59 - 02083840 _____ (Farbar) C:\Users\Joe\Desktop\FRST64.exe
2014-07-02 08:59 - 2014-07-02 08:59 - 00000000 ____D () C:\FRST
2014-07-02 08:49 - 2012-02-15 16:04 - 00001104 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-07-02 08:39 - 2014-07-01 16:19 - 00000946 _____ () C:\Windows\Tasks\globalUpdateUpdateTaskMachineUA.job
2014-07-02 08:39 - 2014-07-01 16:19 - 00000942 _____ () C:\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job
2014-07-02 08:38 - 2014-07-02 08:38 - 00000000 ____D () C:\Users\Joe\AppData\Local\freeSOFTtoday
2014-07-02 08:38 - 2014-07-02 08:35 - 00000000 ____D () C:\Users\Joe\AppData\Roaming\System Speedup
2014-07-02 08:36 - 2014-07-02 08:36 - 00003132 _____ () C:\Windows\System32\Tasks\System Speedup
2014-07-02 08:36 - 2014-07-02 08:36 - 00003026 _____ () C:\Windows\System32\Tasks\System Speedup_UPDATES
2014-07-02 08:36 - 2014-07-02 08:36 - 00002870 _____ () C:\Windows\System32\Tasks\System Speedup_DEFAULT
2014-07-02 08:36 - 2014-07-02 08:36 - 00000288 _____ () C:\Windows\Tasks\System Speedup_UPDATES.job
2014-07-02 08:36 - 2014-07-02 08:36 - 00000280 _____ () C:\Windows\Tasks\System Speedup_DEFAULT.job
2014-07-02 08:36 - 2014-07-02 08:36 - 00000000 ____D () C:\Program Files (x86)\Boost
2014-07-02 08:35 - 2014-07-02 08:35 - 00004516 _____ () C:\Windows\System32\Tasks\9ac29ed9-d605-445d-ab51-5460993c2e60-1
2014-07-02 08:35 - 2014-07-02 08:35 - 00004440 _____ () C:\Windows\System32\Tasks\9ac29ed9-d605-445d-ab51-5460993c2e60-5
2014-07-02 08:35 - 2014-07-02 08:35 - 00004350 _____ () C:\Windows\System32\Tasks\9ac29ed9-d605-445d-ab51-5460993c2e60-2
2014-07-02 08:35 - 2014-07-02 08:35 - 00001410 _____ () C:\Windows\Tasks\9ac29ed9-d605-445d-ab51-5460993c2e60-5.job
2014-07-02 08:35 - 2014-07-02 08:35 - 00001320 _____ () C:\Windows\Tasks\9ac29ed9-d605-445d-ab51-5460993c2e60-2.job
2014-07-02 08:35 - 2014-07-02 08:35 - 00001038 _____ () C:\Users\Public\Desktop\System Speedup.lnk
2014-07-02 08:35 - 2014-07-02 08:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Speedup
2014-07-02 08:35 - 2014-07-02 08:35 - 00000000 ____D () C:\Program Files (x86)\System Speedup
2014-07-02 08:35 - 2014-07-02 08:34 - 00001486 _____ () C:\Windows\Tasks\9ac29ed9-d605-445d-ab51-5460993c2e60-1.job
2014-07-02 08:35 - 2014-07-02 08:34 - 00000000 ____D () C:\Program Files (x86)\Weather It Up
2014-07-02 08:34 - 2014-07-02 08:34 - 00006826 _____ () C:\Windows\System32\Tasks\9ac29ed9-d605-445d-ab51-5460993c2e60-11
2014-07-02 08:34 - 2014-07-02 08:34 - 00005330 _____ () C:\Windows\System32\Tasks\9ac29ed9-d605-445d-ab51-5460993c2e60-4
2014-07-02 08:34 - 2014-07-02 08:34 - 00003796 _____ () C:\Windows\Tasks\9ac29ed9-d605-445d-ab51-5460993c2e60-11.job
2014-07-02 08:34 - 2014-07-02 08:34 - 00002300 _____ () C:\Windows\Tasks\9ac29ed9-d605-445d-ab51-5460993c2e60-4.job
2014-07-02 08:34 - 2014-07-01 16:20 - 00003944 _____ () C:\Windows\System32\Tasks\globalUpdateUpdateTaskMachineUA
2014-07-02 08:34 - 2014-07-01 16:19 - 00003690 _____ () C:\Windows\System32\Tasks\globalUpdateUpdateTaskMachineCore
2014-07-02 08:33 - 2014-07-01 22:41 - 00000000 ____D () C:\Program Files (x86)\SearchProtect
2014-07-02 08:31 - 2014-07-02 08:31 - 00227120 _____ (Fusion Install ) C:\Users\Joe\Desktop\Setup.exe
2014-07-02 08:26 - 2014-07-01 16:32 - 00001047 _____ () C:\Users\Joe\Desktop\Continue VuuPC Installation.lnk
2014-07-02 08:25 - 2012-07-10 10:05 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-07-02 08:15 - 2014-07-01 16:19 - 00000000 ____D () C:\Program Files (x86)\video MediaPlay-Air
2014-07-02 08:15 - 2014-07-01 16:19 - 00000000 ____D () C:\Program Files (x86)\HQube-V1.6
2014-07-02 08:14 - 2014-07-01 22:42 - 00000000 ____D () C:\Program Files\003
2014-07-02 08:14 - 2014-07-01 22:18 - 00000000 ____D () C:\Users\Joe\Desktop\Anti
2014-07-02 08:12 - 2014-07-01 22:43 - 00000000 ____D () C:\Program Files\suprasavings
2014-07-02 08:10 - 2009-07-14 06:45 - 00015360 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-07-02 08:10 - 2009-07-14 06:45 - 00015360 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-07-02 08:05 - 2011-07-15 18:18 - 02047360 _____ () C:\Windows\WindowsUpdate.log
2014-07-02 08:02 - 2014-07-01 16:19 - 00000378 _____ () C:\Windows\Tasks\Re-markit_wd.job
2014-07-02 08:01 - 2014-07-01 22:06 - 00000000 ____D () C:\Users\Joe\AppData\Local\fst_de_77
2014-07-02 07:59 - 2014-07-02 07:59 - 00001933 _____ () C:\Users\Joe\Desktop\Sync Folder.lnk
2014-07-02 07:59 - 2014-07-01 22:44 - 00000000 ____D () C:\Program Files (x86)\MyPC Backup
2014-07-02 07:58 - 2014-07-01 22:45 - 00003120 _____ () C:\Windows\System32\Tasks\Advanced System Protector_startup
2014-07-02 07:55 - 2014-07-01 16:22 - 00001422 _____ () C:\Windows\Tasks\29d989c7-1a71-4010-8cd0-9237e6a26eb4-5.job
2014-07-02 07:55 - 2014-07-01 16:21 - 00001524 _____ () C:\Windows\Tasks\7c0ceb46-411a-472a-9df7-f9c248bbe900-5.job
2014-07-02 07:55 - 2014-07-01 16:21 - 00001512 _____ () C:\Windows\Tasks\29d989c7-1a71-4010-8cd0-9237e6a26eb4-1.job
2014-07-02 07:55 - 2014-07-01 16:21 - 00001432 _____ () C:\Windows\Tasks\7c0ceb46-411a-472a-9df7-f9c248bbe900-2.job
2014-07-02 07:55 - 2014-07-01 16:21 - 00001330 _____ () C:\Windows\Tasks\29d989c7-1a71-4010-8cd0-9237e6a26eb4-2.job
2014-07-02 07:55 - 2014-07-01 16:21 - 00001250 _____ () C:\Windows\Tasks\29d989c7-1a71-4010-8cd0-9237e6a26eb4-10.job
2014-07-02 07:55 - 2014-07-01 16:20 - 00002178 _____ () C:\Windows\Tasks\29d989c7-1a71-4010-8cd0-9237e6a26eb4-4.job
2014-07-02 07:55 - 2014-07-01 16:20 - 00001650 _____ () C:\Windows\Tasks\7c0ceb46-411a-472a-9df7-f9c248bbe900-1.job
2014-07-02 07:55 - 2014-07-01 16:19 - 00003804 _____ () C:\Windows\Tasks\7c0ceb46-411a-472a-9df7-f9c248bbe900-11.job
2014-07-02 07:55 - 2014-07-01 16:19 - 00003442 _____ () C:\Windows\Tasks\29d989c7-1a71-4010-8cd0-9237e6a26eb4-11.job
2014-07-02 07:55 - 2014-07-01 16:19 - 00003104 _____ () C:\Windows\Tasks\29d989c7-1a71-4010-8cd0-9237e6a26eb4-3.job
2014-07-02 07:55 - 2014-07-01 16:19 - 00002434 _____ () C:\Windows\Tasks\7c0ceb46-411a-472a-9df7-f9c248bbe900-3.job
2014-07-02 07:55 - 2014-07-01 16:19 - 00002266 _____ () C:\Windows\Tasks\7c0ceb46-411a-472a-9df7-f9c248bbe900-4.job
2014-07-02 07:55 - 2014-07-01 16:19 - 00000400 _____ () C:\Windows\Tasks\Re-markit Update.job
2014-07-02 07:55 - 2013-12-19 08:39 - 00029207 _____ () C:\Windows\setupact.log
2014-07-02 07:55 - 2012-02-15 16:04 - 00001100 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-07-02 07:55 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-07-02 07:54 - 2014-01-08 08:36 - 00257746 _____ () C:\Windows\PFRO.log
2014-07-01 22:46 - 2014-07-01 22:44 - 00000000 ____D () C:\Users\Joe\AppData\Roaming\systweak
2014-07-01 22:45 - 2014-07-01 22:45 - 00001051 _____ () C:\Users\Joe\Desktop\MyPC Backup.lnk
2014-07-01 22:45 - 2014-07-01 22:45 - 00000000 ____D () C:\Users\Joe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MyPC Backup
2014-07-01 22:44 - 2014-07-01 22:44 - 00003312 _____ () C:\Windows\System32\Tasks\Advanced System Protector
2014-07-01 22:44 - 2014-07-01 22:44 - 00001165 _____ () C:\Users\Public\Desktop\Advanced System Protector.lnk
2014-07-01 22:44 - 2014-07-01 22:44 - 00000000 ____D () C:\ProgramData\Systweak
2014-07-01 22:44 - 2014-07-01 22:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced System Protector
2014-07-01 22:44 - 2014-07-01 22:44 - 00000000 ____D () C:\Program Files (x86)\Advanced System Protector
2014-07-01 22:43 - 2014-07-01 22:43 - 00000000 ____D () C:\Program Files (x86)\CB78F643-3729-434F-8C25-F28D15F025F3
2014-07-01 22:42 - 2014-07-01 16:17 - 00000000 ____D () C:\Users\Joe\AppData\Local\SearchProtect
2014-07-01 22:29 - 2014-07-01 22:29 - 00000000 ____D () C:\Users\Joe\AppData\Local\webinternetsecurity
2014-07-01 22:18 - 2014-02-12 21:14 - 00005126 _____ () C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for Joe´s-PC-Joe Joe´s-PC
2014-07-01 22:06 - 2014-07-01 22:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FrEeSoFtOdAy
2014-07-01 22:06 - 2014-07-01 22:06 - 00000000 ____D () C:\Program Files (x86)\fst_de_77
2014-07-01 21:52 - 2014-07-01 16:22 - 00000376 _____ () C:\Windows\Tasks\APSnotifierPP3.job
2014-07-01 21:52 - 2014-07-01 16:22 - 00000376 _____ () C:\Windows\Tasks\APSnotifierPP2.job
2014-07-01 16:42 - 2014-07-01 16:22 - 00000378 _____ () C:\Windows\Tasks\APSnotifierPP1.job
2014-07-01 16:33 - 2014-07-01 16:33 - 00003164 _____ () C:\Windows\System32\Tasks\{908B9EC9-1106-4C32-A877-84E0562A3798}
2014-07-01 16:26 - 2014-07-01 16:26 - 00000000 ____D () C:\ProgramData\374311380
2014-07-01 16:26 - 2014-07-01 16:19 - 00000000 ____D () C:\ProgramData\TEMP
2014-07-01 16:24 - 2013-11-04 15:45 - 00000000 ____D () C:\Windows\uninstall
2014-07-01 16:23 - 2014-07-01 16:22 - 00000320 _____ () C:\Users\Joe\AppData\Roaming\aps.uninstall.scan.results
2014-07-01 16:22 - 2014-07-01 16:22 - 00004452 _____ () C:\Windows\System32\Tasks\29d989c7-1a71-4010-8cd0-9237e6a26eb4-5
2014-07-01 16:22 - 2014-07-01 16:22 - 00002824 _____ () C:\Windows\System32\Tasks\APSnotifierPP1
2014-07-01 16:22 - 2014-07-01 16:22 - 00002822 _____ () C:\Windows\System32\Tasks\APSnotifierPP3
2014-07-01 16:22 - 2014-07-01 16:22 - 00002822 _____ () C:\Windows\System32\Tasks\APSnotifierPP2
2014-07-01 16:22 - 2014-07-01 16:22 - 00001442 _____ () C:\Windows\Tasks\29d989c7-1a71-4010-8cd0-9237e6a26eb4-5_user.job
2014-07-01 16:22 - 2014-07-01 16:22 - 00000000 ____D () C:\Users\Joe\AppData\Local\com
2014-07-01 16:22 - 2014-07-01 16:21 - 00004554 _____ () C:\Windows\System32\Tasks\7c0ceb46-411a-472a-9df7-f9c248bbe900-5
2014-07-01 16:22 - 2014-07-01 16:21 - 00004280 _____ () C:\Windows\System32\Tasks\29d989c7-1a71-4010-8cd0-9237e6a26eb4-10
2014-07-01 16:21 - 2014-07-01 16:21 - 00623768 _____ (Click Me In Limited) C:\Users\Joe\AppData\Local\nsxFA0B.tmp
2014-07-01 16:21 - 2014-07-01 16:21 - 00004542 _____ () C:\Windows\System32\Tasks\29d989c7-1a71-4010-8cd0-9237e6a26eb4-1
2014-07-01 16:21 - 2014-07-01 16:21 - 00004462 _____ () C:\Windows\System32\Tasks\7c0ceb46-411a-472a-9df7-f9c248bbe900-2
2014-07-01 16:21 - 2014-07-01 16:21 - 00004360 _____ () C:\Windows\System32\Tasks\29d989c7-1a71-4010-8cd0-9237e6a26eb4-2
2014-07-01 16:21 - 2014-07-01 16:21 - 00001544 _____ () C:\Windows\Tasks\7c0ceb46-411a-472a-9df7-f9c248bbe900-5_user.job
2014-07-01 16:21 - 2014-07-01 16:20 - 00004680 _____ () C:\Windows\System32\Tasks\7c0ceb46-411a-472a-9df7-f9c248bbe900-1
2014-07-01 16:21 - 2014-07-01 16:20 - 00000000 ____D () C:\ProgramData\IePluginServices
2014-07-01 16:20 - 2014-07-01 16:20 - 00005296 _____ () C:\Windows\System32\Tasks\7c0ceb46-411a-472a-9df7-f9c248bbe900-4
2014-07-01 16:20 - 2014-07-01 16:20 - 00005208 _____ () C:\Windows\System32\Tasks\29d989c7-1a71-4010-8cd0-9237e6a26eb4-4
2014-07-01 16:20 - 2014-07-01 16:20 - 00000000 ____D () C:\Users\Joe\AppData\Roaming\VOPackage
2014-07-01 16:20 - 2014-07-01 16:20 - 00000000 ____D () C:\Users\Joe\AppData\Roaming\SupTab
2014-07-01 16:20 - 2014-07-01 16:20 - 00000000 ____D () C:\Users\Joe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VOPackage
2014-07-01 16:20 - 2014-07-01 16:20 - 00000000 ____D () C:\ProgramData\WindowsMangerProtect
2014-07-01 16:20 - 2014-07-01 16:20 - 00000000 ____D () C:\Program Files (x86)\SupTab
2014-07-01 16:20 - 2014-07-01 16:19 - 00006834 _____ () C:\Windows\System32\Tasks\7c0ceb46-411a-472a-9df7-f9c248bbe900-11
2014-07-01 16:20 - 2014-07-01 16:19 - 00006472 _____ () C:\Windows\System32\Tasks\29d989c7-1a71-4010-8cd0-9237e6a26eb4-11
2014-07-01 16:20 - 2014-07-01 16:19 - 00006134 _____ () C:\Windows\System32\Tasks\29d989c7-1a71-4010-8cd0-9237e6a26eb4-3
2014-07-01 16:19 - 2014-07-01 16:19 - 00005464 _____ () C:\Windows\System32\Tasks\7c0ceb46-411a-472a-9df7-f9c248bbe900-3
2014-07-01 16:19 - 2014-07-01 16:19 - 00003044 _____ () C:\Windows\System32\Tasks\Re-markit Update
2014-07-01 16:19 - 2014-07-01 16:19 - 00002962 _____ () C:\Windows\System32\Tasks\Re-markit_wd
2014-07-01 16:19 - 2014-07-01 16:19 - 00000512 __RSH () C:\ProgramData\ntuser.pol
2014-07-01 16:19 - 2014-07-01 16:19 - 00000000 ____D () C:\Users\Joe\Documents\Optimizer Pro
2014-07-01 16:19 - 2014-07-01 16:19 - 00000000 ____D () C:\Users\Joe\AppData\Local\globalUpdate
2014-07-01 16:19 - 2014-07-01 16:19 - 00000000 ____D () C:\Program Files (x86)\-Re_Markable
2014-07-01 16:19 - 2014-07-01 16:19 - 00000000 ____D () C:\Program Files (x86)\globalUpdate
2014-07-01 16:19 - 2011-07-15 18:45 - 00001376 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-07-01 16:19 - 2011-07-15 18:45 - 00001364 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-07-01 16:19 - 2011-07-15 18:39 - 00001651 _____ () C:\Users\Joe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-07-01 16:19 - 2009-07-14 05:20 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2014-07-01 16:19 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\SysWOW64\GroupPolicy
2014-07-01 16:17 - 2014-07-01 16:17 - 00000000 _____ () C:\END
2014-07-01 14:53 - 2014-06-23 18:24 - 00000000 ____D () C:\Users\Joe\Documents\Citavi 4
2014-07-01 14:33 - 2013-08-08 00:27 - 00117712 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2014-06-30 15:21 - 2009-07-14 12:57 - 00699682 _____ () C:\Windows\system32\perfh007.dat
2014-06-30 15:21 - 2009-07-14 12:57 - 00149790 _____ () C:\Windows\system32\perfc007.dat
2014-06-30 15:21 - 2009-07-14 07:13 - 01620684 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-06-30 15:19 - 2014-06-30 15:19 - 00000000 ____D () C:\Users\Joe\AppData\Roaming\Intel
2014-06-30 15:19 - 2011-07-15 18:38 - 00000000 ____D () C:\Users\Joe
2014-06-30 15:19 - 2009-07-14 05:20 - 00000000 __RHD () C:\Users\Default
2014-06-30 15:18 - 2014-06-30 15:18 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel PROSet Wireless
2014-06-30 15:18 - 2014-06-30 15:18 - 00000000 ____D () C:\ProgramData\Intel
2014-06-30 15:18 - 2014-06-30 15:18 - 00000000 ____D () C:\Program Files\Common Files\Intel
2014-06-30 15:18 - 2014-06-30 15:18 - 00000000 ____D () C:\Program Files (x86)\Intel
2014-06-30 15:18 - 2014-06-30 15:18 - 00000000 ____D () C:\Program Files (x86)\Cisco
2014-06-30 15:18 - 2014-06-30 15:17 - 00008990 _____ () C:\Windows\DPINST.LOG
2014-06-30 15:18 - 2014-06-30 15:17 - 00000000 ____D () C:\Program Files\Intel
2014-06-30 15:17 - 2014-06-30 15:17 - 00000000 ____D () C:\ProgramData\Package Cache
2014-06-25 19:18 - 2009-07-14 13:20 - 00000000 ___RD () C:\Users\Public\Recorded TV
2014-06-25 07:38 - 2012-03-31 22:17 - 00000000 ____D () C:\Users\Joe\Desktop\Bachelor-Thesis
2014-06-23 18:28 - 2014-06-23 18:28 - 00000000 ____D () C:\ProgramData\Gibraltar
2014-06-23 18:28 - 2014-06-23 18:24 - 00000000 ____D () C:\Users\Joe\AppData\Roaming\Swiss Academic Software
2014-06-23 18:25 - 2014-06-23 18:25 - 00000000 ____D () C:\Users\Joe\AppData\Local\Swiss Academic Software
2014-06-23 18:22 - 2014-06-23 18:21 - 00000000 ____D () C:\ProgramData\Swiss Academic Software
2014-06-23 18:21 - 2014-06-23 18:21 - 00001909 _____ () C:\Users\Public\Desktop\Citavi 4.lnk
2014-06-23 18:21 - 2014-06-23 18:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Citavi 4
2014-06-23 18:21 - 2014-06-23 18:20 - 00000000 ____D () C:\Program Files (x86)\Citavi 4
2014-06-23 18:18 - 2013-09-12 16:34 - 00000000 ____D () C:\Users\Joe\AppData\Local\Downloaded Installations
2014-06-23 18:15 - 2014-06-23 18:14 - 88342536 _____ (Swiss Academic Software) C:\Users\Joe\Downloads\Citavi4Setup.exe
2014-06-20 00:43 - 2012-02-15 16:04 - 00004100 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-06-20 00:43 - 2012-02-15 16:04 - 00003848 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-06-17 11:18 - 2014-01-08 00:17 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2014-06-15 23:17 - 2014-01-08 09:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2014-06-15 23:16 - 2013-10-21 07:55 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-06-13 20:26 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2014-06-13 18:33 - 2012-06-24 20:37 - 00000000 ____D () C:\Users\Joe\AppData\Roaming\dvdcss
2014-06-12 21:05 - 2014-06-12 21:05 - 00046376 _____ (NetFilterSDK.com) C:\Windows\system32\Drivers\netfilter64.sys
2014-06-12 00:03 - 2013-08-14 20:59 - 00000000 ____D () C:\Windows\system32\MRT
2014-06-12 00:00 - 2012-01-07 01:54 - 95414520 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-06-11 23:56 - 2014-05-06 11:20 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-06-11 12:46 - 2014-02-13 00:09 - 00000000 ____D () C:\Users\Joe\Desktop\Programme
2014-06-11 12:45 - 2011-07-16 00:56 - 00000000 ____D () C:\Users\Joe\Desktop\Games
2014-06-11 12:44 - 2012-01-15 23:35 - 00000000 ____D () C:\Users\Joe\Desktop\FH
2014-06-08 11:13 - 2014-06-11 19:25 - 00506368 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-06-08 11:08 - 2014-06-11 19:25 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-06-03 23:01 - 2013-08-08 00:27 - 00130584 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2014-06-03 14:53 - 2014-06-03 14:53 - 00000000 ____D () C:\Users\Joe\AppData\Local\Adobe
2014-06-02 23:42 - 2012-07-10 10:05 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-06-02 23:42 - 2012-06-23 17:44 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-06-02 23:42 - 2011-07-15 19:14 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
ZeroAccess:
C:\Users\Joe\AppData\Local\Google\Desktop\Install
ZeroAccess:
C:\Program Files (x86)\Google\Desktop\Install

Files to move or delete:
====================
C:\ProgramData\3595663.pad
C:\ProgramData\3wfltz8.dss
C:\ProgramData\8ztlfw3.bxx
C:\ProgramData\8ztlfw3.fvv
C:\ProgramData\8ztlfw3.pss
C:\Users\Joe\AppData\Roaming\cache.dat


Some content of TEMP:
====================
C:\Users\Joe\AppData\Local\Temp\AutoRun.exe
C:\Users\Joe\AppData\Local\Temp\AutoRunGUI.dll
C:\Users\Joe\AppData\Local\Temp\avgnt.exe
C:\Users\Joe\AppData\Local\Temp\CloudBackup9728.exe
C:\Users\Joe\AppData\Local\Temp\CoJBiBLauncher.exe
C:\Users\Joe\AppData\Local\Temp\DeltaTB.exe
C:\Users\Joe\AppData\Local\Temp\dlLogic.exe
C:\Users\Joe\AppData\Local\Temp\dltr.exe
C:\Users\Joe\AppData\Local\Temp\drm_dialogs.dll
C:\Users\Joe\AppData\Local\Temp\drm_dyndata_7290008.dll
C:\Users\Joe\AppData\Local\Temp\drm_dyndata_7390006.dll
C:\Users\Joe\AppData\Local\Temp\GCVerifier.dll
C:\Users\Joe\AppData\Local\Temp\nsdA789.exe
C:\Users\Joe\AppData\Local\Temp\nsiD698.exe
C:\Users\Joe\AppData\Local\Temp\nsoDAFD.exe
C:\Users\Joe\AppData\Local\Temp\nspE6AB.exe
C:\Users\Joe\AppData\Local\Temp\nsu19B0.exe
C:\Users\Joe\AppData\Local\Temp\nsu1E43.exe
C:\Users\Joe\AppData\Local\Temp\nsyABAF.exe
C:\Users\Joe\AppData\Local\Temp\nszEA92.exe
C:\Users\Joe\AppData\Local\Temp\OfficeSetup.exe
C:\Users\Joe\AppData\Local\Temp\optprosetup.exe
C:\Users\Joe\AppData\Local\Temp\p03rvjf4.dll
C:\Users\Joe\AppData\Local\Temp\Setup.X86.de-de_O365ProPlusRetail_19d316b5-bca3-4166-a947-7a896c242b00_TX_PR_.exe
C:\Users\Joe\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Joe\AppData\Local\Temp\System.Data.SQLite.dll
C:\Users\Joe\AppData\Local\Temp\System.Data.SQLite72832.dll
C:\Users\Joe\AppData\Local\Temp\vcredist_x64.exe
C:\Users\Joe\AppData\Local\Temp\verifier.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
ATTENTION: ====> ZeroAccess. Use DeleteJunctionsIndirectory: C:\Program Files\Windows Defender


LastRegBack: 2014-06-28 00:51

==================== End Of Log ============================

--- --- ---

Joe04 · 02.07.2014, 08:14

Addition Log:

Code:

ATTFilter

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 01-07-2014
Ran by Joe at 2014-07-02 09:01:22
Running from C:\Users\Joe\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Avira Desktop (Disabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Disabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

64 Bit HP CIO Components Installer (Version: 6.2.2 - Hewlett-Packard) Hidden
Activision(R) (x32 Version: 1.00.0000 - Activision) Hidden
Adobe Flash Player 13 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Flash Player 13 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Reader X (10.1.0) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AA1000000001}) (Version: 10.1.0 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.6 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.6.7.637 - Adobe Systems, Inc.)
Advanced System Protector (HKLM-x32\...\00212D92-C5D8-4ff4-AE50-B20F0F85C40A_Systweak_Ad~B9F029BF_is1) (Version: 2.1.1000.12580 - Systweak Software) <==== ATTENTION
ANNO 1404 - Venedig (HKLM-x32\...\{A07B2C21-863B-47AB-AE7E-20BB00BD7D33}) (Version: 2.01.5010 - Ubisoft)
ANNO 1404 (HKLM-x32\...\{3D9CF3CA-3AB0-4A82-9853-D7C43FD1D775}) (Version: 1.02.0000 - Ubisoft)
Anno 1404 (x32 Version: 1.00.0000 - Ubisoft) Hidden
ATDheNetTVApp (HKLM-x32\...\1ClickDownload) (Version: 2.1 Build 26473 - ATDheNetTVApp.com)
Audacity 2.0.2 (HKLM-x32\...\Audacity_is1) (Version: 2.0.2 - Audacity Team)
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.5.450 - Avira)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Blur(TM) (HKLM-x32\...\InstallShield_{589A63D3-89E1-4D9B-8DBC-6039BB27289E}) (Version: 1.00.0000 - Activision)
Boost for Internet Explorer (HKLM-x32\...\Boost) (Version: 3.0.0.10 - Verti Technology Group, Inc.)
Borderlands 2 (HKLM-x32\...\Borderlands 2_is1) (Version:  - )
Call of Duty(R) - World at War(TM) (HKLM-x32\...\InstallShield_{D80A6A73-E58A-4673-AFF5-F12D7110661F}) (Version: 1.0 - Activision)
Call of Duty(R) - World at War(TM) (x32 Version: 1.0 - Activision) Hidden
Call of Duty(R) 2 (HKLM-x32\...\InstallShield_{D0A05794-48C2-4424-A15A-9F20FCFDD374}) (Version: 1.3 - Activision)
Call of Duty(R) 2 (x32 Version: 1.00.0000 - Activision) Hidden
Call of Duty(R) 2 Patch 1.3 (x32 Version: 1.3 - ) Hidden
Call of Duty(R) 4 - Modern Warfare(TM) (HKLM-x32\...\InstallShield_{E48469CC-635E-4FD5-A122-1497C286D217}) (Version: 1.7 - Activision)
Call of Duty(R) 4 - Modern Warfare(TM) (x32 Version: 1.00.0000 - Activision) Hidden
Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch (x32 Version:  - ) Hidden
Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch (x32 Version: 1.6 - Activision) Hidden
Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch (x32 Version:  - ) Hidden
Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch (x32 Version: 1.7 - Activision) Hidden
Call of Juarez - Bound in Blood (HKLM-x32\...\InstallShield_{FEFAF112-4DA8-479C-89E2-7DE25091711A}) (Version: 1.01.0000 - Ubisoft)
Call of Juarez - Bound in Blood (x32 Version: 1.01.0000 - Ubisoft) Hidden
Canon Easy-PhotoPrint EX (HKLM-x32\...\Easy-PhotoPrint EX) (Version:  - )
Canon Easy-WebPrint EX (HKLM-x32\...\Easy-WebPrint EX) (Version:  - )
Canon IJ Network Scanner Selector EX (HKLM-x32\...\Canon_IJ_Network_Scanner_Selector_EX) (Version:  - )
Canon IJ Network Tool (HKLM-x32\...\Canon_IJ_Network_UTILITY) (Version:  - )
Canon MG5300 series Benutzerregistrierung (HKLM-x32\...\Canon MG5300 series Benutzerregistrierung) (Version:  - )
Canon MG5300 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG5300_series) (Version:  - )
Canon MG5300 series On-screen Manual (HKLM-x32\...\Canon MG5300 series On-screen Manual) (Version:  - )
Canon MP Navigator EX 5.0 (HKLM-x32\...\MP Navigator EX 5.0) (Version:  - )
Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version:  - )
Canon Solution Menu EX (HKLM-x32\...\CanonSolutionMenuEX) (Version:  - )
CCleaner (HKLM\...\CCleaner) (Version: 4.08 - Piriform)
Citavi 4 (HKLM-x32\...\{CC0A85B2-734A-45B3-B678-05F6A6499AC7}) (Version: 4.3.0.15 - Swiss Academic Software)
CoH SGAMappack (HKLM-x32\...\{F7B034EF-7F81-4E7A-8D70-BBC0185D5701}_is1) (Version: 1.0 - Henry666)
Command & Conquer 3 (HKLM-x32\...\{B0C30E93-D3D9-4F04-A2AC-54749B573275}) (Version: 1.00.0000 - Ihr Firmenname)
Command & Conquer The First Decade (HKLM-x32\...\{66D6F3BD-CA23-41A4-9FA3-96B26B32528C}) (Version: 1.00.0000 - Electronic Arts)
Command & Conquer™ 3: Kanes Rache (HKLM-x32\...\{CC2422C9-F7B5-4175-B295-5EC2283AA674}) (Version: 1.00.0000 - Ihr Firmenname)
Company of Heroes - FAKEMSI (x32 Version: 2.0.0.0 - THQ Inc.) Hidden
Complitly (HKLM-x32\...\{4FFBB818-B13C-11E0-931D-B2664824019B}_is1) (Version:  - Complitly) <==== ATTENTION
Definition Update for Microsoft Office 2013 (KB2760587) 32-Bit Edition (HKLM-x32\...\{91150000-0051-0000-0000-0000000FF1CE}_Office15.VISPROR_{2BC398D2-11C8-43B1-AB84-675D33EB28C2}) (Version:  - Microsoft)
DiRT2 Demo (HKLM-x32\...\{AE04B8FC-4CD9-4A94-BE8F-C2434470FB11}) (Version: 1.00.0000 - Codemasters)
Driver San Francisco (HKLM-x32\...\Driver San Francisco) (Version: 1.1.0.0 - Ubisoft)
Dropbox (HKCU\...\Dropbox) (Version: 2.0.22 - Dropbox, Inc.)
EA Installer (HKLM-x32\...\EA Installer.581008153) (Version: 2.3.0.74 - Electronic Arts, Inc.)
fst_de_77 (HKLM-x32\...\fst_de_77_is1) (Version:  - FrEeSoFtOdAy) <==== ATTENTION
Google Earth Plug-in (HKLM-x32\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
Half-Life 2: Deathmatch (HKLM-x32\...\Steam App 320) (Version:  - Valve)
Half-Life 2: Lost Coast (HKLM-x32\...\Steam App 340) (Version:  - Valve)
Hearthstone (HKLM-x32\...\Hearthstone) (Version:  - Blizzard Entertainment)
How to Survive (HKLM-x32\...\How to Survive_is1) (Version:  - )
HQube-V1.6 (HKLM-x32\...\HQube-V1.6) (Version: 1.34.6.10 - HQTop-1.6)
Installer (HKLM-x32\...\VOPackage) (Version: 1.0.0.0 - ) <==== ATTENTION
Intel(R) PRO/Wireless Driver (Version: 16.07.0000.0730 - Intel Corporation) Hidden
Intel® PROSet/Wireless Software (HKLM-x32\...\{440d014b-4444-4533-b96d-2910e1ca2bcf}) (Version: 16.7.0 - Intel Corporation)
Intel® PROSet/Wireless WiFi Software (Version: 16.7.0.0297 - Intel Corporation) Hidden
Java 7 Update 7 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217007FF}) (Version: 7.0.70 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.0 - Sun Microsystems, Inc.) Hidden
Java(TM) 6 Update 22 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216022F0}) (Version: 6.0.220 - Oracle)
Java(TM) 6 Update 29 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216029FF}) (Version: 6.0.290 - Oracle)
JavaFX 2.1.1 (HKLM-x32\...\{1111706F-666A-4037-7777-211328764D10}) (Version: 2.1.1 - Oracle Corporation)
Joint Operations: Typhoon Rising (HKLM-x32\...\{0325F1C1-883A-41AB-8981-B27359ABDFAF}) (Version: 1.00.0000 - )
Magic 2014 Demo (HKLM-x32\...\Steam App 213870) (Version:  - Stainless Games)
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Games for Windows - LIVE (HKLM-x32\...\{B45FABE7-D101-4D99-A671-E16DA40AF7F0}) (Version: 3.0.86.0 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{B578C85A-A84C-4230-A177-C5B2AF565B8C}) (Version: 3.0.17.0 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0016-0000-0000-0000000FF1CE}_EXCEL_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden
Microsoft Office 365 ProPlus - de-de (HKLM\...\O365ProPlusRetail - de-de) (Version: 15.0.4623.1003 - Microsoft Corporation)
Microsoft Office 64-bit Components 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office Excel 2007 (HKLM-x32\...\EXCEL) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Excel 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Korrekturhilfen 2013 - Deutsch (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office Live Add-in 1.5 (HKLM-x32\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office OSM MUI (German) 2013 (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2013 (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden
Microsoft Office Proofing Tools 2013 - English (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2013 - Italiano (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (German) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2013 (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft Visio MUI (German) 2013 (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Visio Professional 2013 (HKLM-x32\...\Office15.VISPROR) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Visio Professional 2013 (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 13.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 13.0.1 (x86 de)) (Version: 13.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 13.0.1 - Mozilla)
MusicBrainz Picard (HKLM-x32\...\MusicBrainz Picard) (Version: 1.2 - MusicBrainz)
MyPC Backup  (HKLM\...\MyPC Backup) (Version:  - JDi Backup Ltd) <==== ATTENTION
myPrintMileage (Officejet Pro 8000 A809) (HKLM-x32\...\{B10A30CF-CCFF-4056-9ABC-F8D42BDF141F}) (Version: 1.00.0000 - Hewlett-Packard)
NVIDIA 3D Vision Controller Driver (x32 Version: 275.33 - NVIDIA Corporation) Hidden
NVIDIA 3D Vision Controller-Treiber 275.33 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 275.33 - NVIDIA Corporation)
NVIDIA Grafiktreiber 275.33 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 275.33 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.2.23.3 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.2.23.3 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.275.80.0 - NVIDIA Corporation) Hidden
NVIDIA PhysX (x32 Version: 9.10.0514 - NVIDIA Corporation) Hidden
NVIDIA PhysX-Systemsoftware 9.10.0514 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.10.0514 - NVIDIA Corporation)
NVIDIA Systemsteuerung 275.33 (Version: 275.33 - NVIDIA Corporation) Hidden
NVIDIA Update 1.3.5 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.3.5 - NVIDIA Corporation)
NVIDIA Update Components (Version: 1.3.5 - NVIDIA Corporation) Hidden
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4623.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4623.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4623.1003 - Microsoft Corporation) Hidden
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
OpenOffice.org 3.3 (HKLM-x32\...\{4286716B-1287-48E7-9078-3DC8248DBA96}) (Version: 3.3.9567 - OpenOffice.org)
Outils de vérification linguistique 2013 de Microsoft Office*- Français (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
PDF24 Creator 5.7.0 (HKLM-x32\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version:  - PDF24.org)
Photomizer (HKLM-x32\...\{A00F8237-F496-44D2-0001-E3CCF8CD58AE}) (Version: 1.3.12.723 - Engelmann Media GmbH)
PowerISO (HKLM-x32\...\PowerISO) (Version: 5.5 - Power Software Ltd)
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.986 - Even Balance, Inc.)
Rapture3D 2.3.26 Game (HKLM-x32\...\{D2FCA41E-AC01-4DCD-B3A7-DC9E32363065}}_is1) (Version:  - Blue Ripple Sound)
Re-markit (HKLM-x32\...\4CDB3EF2-C52A-85BE-9965-6A90881C2FD5) (Version:  - Re-markit-software) <==== ATTENTION
SAMSUNG Mobile Modem Driver Set (HKLM\...\SAMSUNG Mobile Modem) (Version:  - )
Samsung Mobile phone USB driver Drive Software (HKLM\...\Samsung Mobile phone USB driver Drive) (Version:  - )
SAMSUNG Mobile USB Modem 1.0 Software (HKLM\...\SAMSUNG Mobile USB Modem 1.0) (Version:  - )
SAMSUNG Mobile USB Modem Software (HKLM\...\SAMSUNG Mobile USB Modem) (Version:  - )
Samsung PC Studio 3 USB Driver Installer (HKLM-x32\...\{EBA29752-DDD2-4B62-B2E3-9841F92A3E3A}) (Version: 3.2.0.70701 - Samsung Electronics Co., Ltd.)
Sansa Updater (HKCU\...\Sansa Updater) (Version: 1.406 - SanDisk Corporation)
Search Protect (HKLM-x32\...\SearchProtect) (Version: 2.15.11.3 - Client Connect LTD) <==== ATTENTION
Secure Download Manager (HKLM-x32\...\{E98D115E-D621-4723-8AF0-147BADA9A466}) (Version: 3.1.40 - Kivuto Solutions Inc.)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 32-Bit Edition (HKLM-x32\...\{91150000-0051-0000-0000-0000000FF1CE}_Office15.VISPROR_{8D2E04ED-3350-4ECE-9D6E-3BC9A9A93A47}) (Version:  - Microsoft)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 32-Bit Edition (x32 Version:  - Microsoft) Hidden
Shutdown Timer (HKLM\...\{373934DC-C16C-4CB5-83E2-1E5498CF99EC}) (Version: 3.0 - Sinvise Systems)
Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
SopCast 3.4.0 (HKLM-x32\...\SopCast) (Version: 3.4.0 - www.sopcast.com)
Source SDK Base 2007 (HKLM-x32\...\Steam App 218) (Version:  - Valve)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
SUPER © v2012.build.54 (Nov 18, 2012) Version v2012.build.54 (HKLM-x32\...\{8F311E92-C29F-4DF9-8259-B739A1831669}_is1) (Version: v2012.build.54 - eRightSoft)
Supra Savings (HKLM\...\Supra Savings) (Version:  - SupraSavings) <==== ATTENTION
suprasavings (HKLM\...\suprasavings) (Version: 2.0.1 - suprasavings) <==== ATTENTION
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
System Speedup (HKLM-x32\...\System Speedup_is1) (Version: 2.1 - systemspeedup.com)
Titan Quest (HKLM-x32\...\{412B69AF-C352-4F6F-A318-B92B3CB9ACC6}) (Version: 1.00.0000 - Iron Lore)
Titan Quest Immortal Throne (HKLM-x32\...\{B5C5C17E-FEF6-4062-8151-A427AE8AF9D7}) (Version: 1.00.0000 - Iron Lore)
Tom Clancy's Rainbow Six Vegas 2 (HKLM-x32\...\{FD416706-875C-4B0B-A23A-9E740DAE029E}) (Version: 1.00 - Ubisoft)
Ubisoft Game Launcher (HKLM-x32\...\{888F1505-C2B3-4FDE-835D-36353EBD4754}) (Version: 1.0.0.0 - UBISOFT)
Unlocker 1.9.2 (HKLM\...\Unlocker) (Version: 1.9.2 - Cedrick Collomb)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0016-0000-0000-0000000FF1CE}_EXCEL_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for Microsoft Excel 2013 (KB2881014) 32-Bit Edition (HKLM-x32\...\{90150000-006E-0407-0000-0000000FF1CE}_Office15.VISPROR_{33BAD262-B737-4DFA-8527-02961A9CE7BB}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM-x32\...\{90120000-0016-0000-0000-0000000FF1CE}_EXCEL_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{90120000-0016-0000-0000-0000000FF1CE}_EXCEL_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{90120000-002A-0000-1000-0000000FF1CE}_EXCEL_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM-x32\...\{90120000-0016-0000-0000-0000000FF1CE}_EXCEL_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2760344) 32-Bit Edition (HKLM-x32\...\{91150000-0051-0000-0000-0000000FF1CE}_Office15.VISPROR_{A7610F07-E844-4444-8E1D-D5BC8AD0B4C5}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2768012) 32-Bit Edition (HKLM-x32\...\{91150000-0051-0000-0000-0000000FF1CE}_Office15.VISPROR_{66421820-D3CA-450A-898C-78D7E40108E6}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2826040) 32-Bit Edition (HKLM-x32\...\{91150000-0051-0000-0000-0000000FF1CE}_Office15.VISPROR_{B7EA8070-C37F-4617-82F4-52CF3304595A}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2863843) 32-Bit Edition (HKLM-x32\...\{90150000-002A-0000-1000-0000000FF1CE}_Office15.VISPROR_{AD7045B8-1D75-4B4C-8120-12F045D206C7}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2863843) 32-Bit Edition (HKLM-x32\...\{91150000-0051-0000-0000-0000000FF1CE}_Office15.VISPROR_{AD7045B8-1D75-4B4C-8120-12F045D206C7}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2878313) 32-Bit Edition (HKLM-x32\...\{91150000-0051-0000-0000-0000000FF1CE}_Office15.VISPROR_{1FB43AFB-8112-41B9-B9A6-A43474F46123}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2880457) 32-Bit Edition (HKLM-x32\...\{91150000-0051-0000-0000-0000000FF1CE}_Office15.VISPROR_{D27F6360-AE1E-4C8C-8ECD-C0375E20B923}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2880462) 32-Bit Edition (HKLM-x32\...\{90150000-006E-0407-0000-0000000FF1CE}_Office15.VISPROR_{5D6439FF-D651-4B13-B52E-2508AB9DE19D}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2880462) 32-Bit Edition (HKLM-x32\...\{91150000-0051-0000-0000-0000000FF1CE}_Office15.VISPROR_{5D6439FF-D651-4B13-B52E-2508AB9DE19D}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2880464) 32-Bit Edition (HKLM-x32\...\{91150000-0051-0000-0000-0000000FF1CE}_Office15.VISPROR_{06EF2BF7-7351-4D70-A0D5-588FCCF9808D}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2880476) 32-Bit Edition (HKLM-x32\...\{90150000-002A-0000-1000-0000000FF1CE}_Office15.VISPROR_{DDF64A37-8E32-406E-A94C-9F5B03661A21}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2880476) 32-Bit Edition (HKLM-x32\...\{91150000-0051-0000-0000-0000000FF1CE}_Office15.VISPROR_{DDF64A37-8E32-406E-A94C-9F5B03661A21}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2880478) 32-Bit Edition (HKLM-x32\...\{91150000-0051-0000-0000-0000000FF1CE}_Office15.VISPROR_{7C5CEE0F-6823-4BB7-A28F-76FEC14EB6AC}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2880991) 32-Bit Edition (HKLM-x32\...\{90150000-001F-0407-0000-0000000FF1CE}_Office15.VISPROR_{071A9ED9-C72F-4CDA-9A88-F100C5EF9EE1}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2880991) 32-Bit Edition (HKLM-x32\...\{90150000-001F-0409-0000-0000000FF1CE}_Office15.VISPROR_{3365FE58-896F-45DE-8051-E48F6D8069FD}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2880991) 32-Bit Edition (HKLM-x32\...\{90150000-001F-040C-0000-0000000FF1CE}_Office15.VISPROR_{A2D4D766-14AE-46CA-BD99-801FB1523626}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2880991) 32-Bit Edition (HKLM-x32\...\{90150000-001F-0410-0000-0000000FF1CE}_Office15.VISPROR_{FE13BE31-2B5B-4D4E-8538-B3BB9B370C66}) (Version:  - Microsoft)
Update for Microsoft OneDrive for Business (KB2881018) 32-Bit Edition (HKLM-x32\...\{90150000-002A-0000-1000-0000000FF1CE}_Office15.VISPROR_{D3CFB57E-39C0-4D2F-96D2-EC8BB1DB369D}) (Version:  - Microsoft)
Update for Microsoft OneDrive for Business (KB2881018) 32-Bit Edition (HKLM-x32\...\{90150000-002A-0407-1000-0000000FF1CE}_Office15.VISPROR_{D3CFB57E-39C0-4D2F-96D2-EC8BB1DB369D}) (Version:  - Microsoft)
Update for Microsoft OneNote 2013 (KB2880458) 32-Bit Edition (HKLM-x32\...\{90150000-002A-0000-1000-0000000FF1CE}_Office15.VISPROR_{E102B907-56A0-476E-9D7F-D74C7C42527F}) (Version:  - Microsoft)
Update for Microsoft Outlook 2013 (KB2880470) 32-Bit Edition (HKLM-x32\...\{91150000-0051-0000-0000-0000000FF1CE}_Office15.VISPROR_{1BCA67A6-5329-48D0-A088-C097AC7A14BD}) (Version:  - Microsoft)
Update for Microsoft Visio 2013 (KB2878322) 32-Bit Edition (HKLM-x32\...\{90150000-0054-0407-0000-0000000FF1CE}_Office15.VISPROR_{99298FA5-31E3-4F40-A6AF-021459F6F37D}) (Version:  - Microsoft)
Update for Microsoft Visio 2013 (KB2878322) 32-Bit Edition (HKLM-x32\...\{91150000-0051-0000-0000-0000000FF1CE}_Office15.VISPROR_{99298FA5-31E3-4F40-A6AF-021459F6F37D}) (Version:  - Microsoft)
Update for Microsoft Visio Viewer 2013 (KB2817301) 32-Bit Edition (HKLM-x32\...\{90150000-006E-0407-0000-0000000FF1CE}_Office15.VISPROR_{25C61889-2E44-4BE1-9E96-9364BFDCF501}) (Version:  - Microsoft)
Update for Microsoft Visio Viewer 2013 (KB2817301) 32-Bit Edition (HKLM-x32\...\{91150000-0051-0000-0000-0000000FF1CE}_Office15.VISPROR_{25C61889-2E44-4BE1-9E96-9364BFDCF501}) (Version:  - Microsoft)
Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0407-0000-0000000FF1CE}_EXCEL_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version:  - Microsoft)
Veetle TV (HKLM-x32\...\Veetle TV) (Version: 0.9.19 - Veetle, Inc)
video MediaPlay-Air (HKLM-x32\...\video MediaPlay-Air) (Version: 1.34.6.10 - enter) <==== ATTENTION
VLC media player 1.1.11 (HKLM-x32\...\VLC media player) (Version: 1.1.11 - VideoLAN)
Vodafone Mobile Broadband (HKLM-x32\...\{6C29152D-3FF9-43B2-84E4-9B35FC0BF5C2}) (Version: 10.3.204.39000 - Vodafone)
vShare.tv plugin 1.3 (HKLM-x32\...\vShare.tv plugin) (Version: 1.3 - vShare.tv, Inc.) <==== ATTENTION
Weather It Up (HKLM-x32\...\Weather It Up) (Version: 1.34.6.10 - Phoenix Media)
WebInternetSecurity (HKCU\...\webinternetsecurity) (Version:  - WebInternetSecurity) <==== ATTENTION
webssearches uninstaller (HKLM-x32\...\webssearches uninstaller) (Version:  - webssearches) <==== ATTENTION
Winamp (HKLM-x32\...\Winamp) (Version: 5.623  - Nullsoft, Inc)
Windows Live ID Sign-in Assistant (HKLM\...\{9B48B0AC-C813-4174-9042-476A887592C7}) (Version: 6.500.3165.0 - Microsoft Corporation)
WindowsMangerProtect20.0.0.502 (HKLM-x32\...\WindowsMangerProtect) (Version: 20.0.0.502 - WindowsProtect LIMITED)
WinPcap 4.1.2 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2001 - CACE Technologies)
WinRAR Archivierer (HKLM-x32\...\WinRAR archiver) (Version:  - )
Wolfenstein (HKLM-x32\...\InstallShield_{F9B37992-968C-4264-8449-489032FC28DE}) (Version: 1.0 - Activision)
Wolfenstein (x32 Version: 1.0 - Activision) Hidden

==================== Restore Points  =========================


==================== Hosts content: ==========================

2009-07-14 04:34 - 2014-07-01 22:29 - 00004422 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1	capitalimonline.com
127.0.0.1	www.verifi-infonet.com
127.0.0.1	www.forsil-srl.com
127.0.0.1	trustedppiclaims.co.uk
127.0.0.1	ftp.signara.org
127.0.0.1	buy-fifa-ultimateteam-coins.com
127.0.0.1	pay.pal-schutz.com
127.0.0.1	swqk3xftx38.h149.pp39dk.com
127.0.0.1	robertoleal.es
127.0.0.1	verifi-infonet.com
127.0.0.1	ssl.paypal.secure.your.billing.information.mytrickworld.com
127.0.0.1	lastminute-ibiza.net
127.0.0.1	myaccount.aol.com.onlineaccounts.upgrade.online.billing.account.update.alcaldiadearaure.gob.ve
127.0.0.1	www.rhnp.org
127.0.0.1	173.214.178.24
127.0.0.1	bit.ly
127.0.0.1	www.axisengneering.com
127.0.0.1	www.positive-eft.com
127.0.0.1	hw0vrcfmu0fpd.com
127.0.0.1	www.art3c.com.tw
127.0.0.1	www.kielkoppfest.harzwinter.net
127.0.0.1	www.battle.net-account.asxp.cn.com
127.0.0.1	mgstrategiesstudio.com
127.0.0.1	www.paypal.com.p2jdb5zb17llxg1i.0243cn71m8gjun1.com
127.0.0.1	paypal.com.update.account.toughbook.cl
127.0.0.1	www.lappen-123.no
127.0.0.1	www.paypal-update.visitasgratis.info
127.0.0.1	stromarket.ru
127.0.0.1	www.ocevap.com

There are 63 more lines.


==================== Scheduled Tasks (whitelisted) =============

Task: {07870BF4-0E26-4C8E-86A8-EAE8E86AB707} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2014-06-17] (Microsoft Corporation)
Task: {083D9BF2-A350-46D7-A009-F0C3EB1CE756} - System32\Tasks\APSnotifierPP1 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: {0FCD3A83-6424-4686-AFBB-94540C783304} - System32\Tasks\System Speedup_UPDATES => C:\Program Files (x86)\System Speedup\SystemSpeedup.exe [2013-12-13] (System Speedup)
Task: {1673B6C7-0D31-4DB8-A49B-C913C1DC7E2E} - System32\Tasks\System Speedup_DEFAULT => C:\Program Files (x86)\System Speedup\SystemSpeedup.exe [2013-12-13] (System Speedup)
Task: {3092BE9B-D7D2-4A9C-BDFF-01E3CB952A16} - System32\Tasks\9ac29ed9-d605-445d-ab51-5460993c2e60-1 => C:\Program Files (x86)\Weather It Up\Weather It Up-codedownloader.exe [2014-07-02] (Phoenix Media)
Task: {32E1E90E-309E-408C-879D-579D822EFE5C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-02-15] (Google Inc.)
Task: {3C26D598-E2A5-49D8-BFD9-7F088132FC42} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-06-02] (Adobe Systems Incorporated)
Task: {400F7083-CE3D-4B8D-B169-636D949B6FA1} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2014-06-17] (Microsoft Corporation)
Task: {4479D6A3-CE1F-4EA5-8AB8-C579B544D7AE} - System32\Tasks\29d989c7-1a71-4010-8cd0-9237e6a26eb4-11 => C:\Program Files (x86)\HQube-V1.6\29d989c7-1a71-4010-8cd0-9237e6a26eb4-11.exe [2014-07-01] (HQTop-1.6)
Task: {46AFC184-84FE-429C-B0AD-56A420FD4C53} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-02-15] (Google Inc.)
Task: {4C99B98E-2F50-421E-BAAD-91DBD79BE3FA} - System32\Tasks\Re-markit_wd => C:\Program Files (x86)\-Re_Markable\wdRe-markiti.exe [2014-07-01] () <==== ATTENTION
Task: {4E168A06-49B5-478C-A3EA-99AFA85691A2} - System32\Tasks\29d989c7-1a71-4010-8cd0-9237e6a26eb4-1 => C:\Program Files (x86)\HQube-V1.6\HQube-V1.6-codedownloader.exe
Task: {4F11DCD1-C5E0-4169-95DB-F74926ADB25E} - System32\Tasks\29d989c7-1a71-4010-8cd0-9237e6a26eb4-10 => C:\Program Files (x86)\HQube-V1.6\29d989c7-1a71-4010-8cd0-9237e6a26eb4-10.exe [2014-07-01] (HQTop-1.6)
Task: {5182493A-891B-4D0D-948A-DD02AEE8EBD3} - System32\Tasks\7c0ceb46-411a-472a-9df7-f9c248bbe900-5 => C:\Program Files (x86)\video MediaPlay-Air\7c0ceb46-411a-472a-9df7-f9c248bbe900-5.exe [2014-07-01] (enter) <==== ATTENTION
Task: {54614504-7C85-48AE-8262-816BE01CD976} - System32\Tasks\7c0ceb46-411a-472a-9df7-f9c248bbe900-4 => C:\Program Files (x86)\video MediaPlay-Air\7c0ceb46-411a-472a-9df7-f9c248bbe900-4.exe [2014-07-01] (enter) <==== ATTENTION
Task: {55F621A9-5D7E-4005-A0C6-5C2F1A359977} - System32\Tasks\7c0ceb46-411a-472a-9df7-f9c248bbe900-1 => C:\Program Files (x86)\video MediaPlay-Air\video MediaPlay-Air-codedownloader.exe [2014-07-01] (enter) <==== ATTENTION
Task: {6C87534A-C34D-47B2-985C-741CC09B11C1} - System32\Tasks\7c0ceb46-411a-472a-9df7-f9c248bbe900-2 => C:\Program Files (x86)\video MediaPlay-Air\7c0ceb46-411a-472a-9df7-f9c248bbe900-2.exe [2014-07-01] (enter) <==== ATTENTION
Task: {6DE76B0D-5F46-473C-A213-7E61B26D572E} - System32\Tasks\System Speedup => C:\Program Files (x86)\System Speedup\SystemSpeedup.exe [2013-12-13] (System Speedup)
Task: {6E40239C-862F-47B5-B356-8668E53ECCA6} - System32\Tasks\7c0ceb46-411a-472a-9df7-f9c248bbe900-3 => C:\Program Files (x86)\video MediaPlay-Air\7c0ceb46-411a-472a-9df7-f9c248bbe900-3.exe [2014-07-01] (enter) <==== ATTENTION
Task: {71ADE8FB-0145-40C0-8564-96AC3927EE72} - System32\Tasks\globalUpdateUpdateTaskMachineUA => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe [2014-07-02] (globalUpdate) <==== ATTENTION
Task: {7BD7C834-4B4A-43AF-81E3-E3E45576C408} - System32\Tasks\9ac29ed9-d605-445d-ab51-5460993c2e60-4 => C:\Program Files (x86)\Weather It Up\9ac29ed9-d605-445d-ab51-5460993c2e60-4.exe [2014-07-02] (Phoenix Media)
Task: {7D50953C-F3F1-4CD7-9F51-AE272B3658BB} - System32\Tasks\9ac29ed9-d605-445d-ab51-5460993c2e60-5 => C:\Program Files (x86)\Weather It Up\9ac29ed9-d605-445d-ab51-5460993c2e60-5.exe [2014-07-02] (Phoenix Media)
Task: {7F0CC97A-9B76-4A9A-9D05-BBB3B225AF30} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-11-22] (Piriform Ltd)
Task: {7F0EBBB2-AF1E-4974-8770-5259CAC5CB2C} - System32\Tasks\Microsoft Office 15 Sync Maintenance for Joe´s-PC-Joe Joe´s-PC => C:\Program Files\Microsoft Office 15\root\Office15\MsoSync.exe [2014-06-17] (Microsoft Corporation)
Task: {837C06CE-1F85-4ECD-9111-2F8978DE5D74} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2014-06-17] (Microsoft Corporation)
Task: {84B76650-D83D-4F7E-AE0E-979648CD2404} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2014-05-13] (Microsoft Corporation)
Task: {91E570F7-D5C9-4DF4-B337-1F0CD6E08E5E} - System32\Tasks\Advanced System Protector_startup => C:\Program Files (x86)\Advanced System Protector\AdvancedSystemProtector.exe [2014-01-15] (Systweak) <==== ATTENTION
Task: {928984E5-0911-4399-BC42-CEB0B02E9F5B} - System32\Tasks\Advanced System Protector => C:\Program Files (x86)\RegClean Pro\SystweakASP.exe <==== ATTENTION
Task: {A5BC3A41-C8AE-46DE-B3F0-3A7839D59E42} - System32\Tasks\29d989c7-1a71-4010-8cd0-9237e6a26eb4-5 => C:\Program Files (x86)\HQube-V1.6\29d989c7-1a71-4010-8cd0-9237e6a26eb4-5.exe [2014-07-01] (HQTop-1.6)
Task: {AD56AD32-4FBA-4494-8586-C441BF419672} - System32\Tasks\Re-markit Update => C:\Program Files (x86)\-Re_Markable\appRe-markitW51.exe [2014-07-01] () <==== ATTENTION
Task: {B61F5613-C973-4E3C-98F9-B9E44F12DD92} - System32\Tasks\globalUpdateUpdateTaskMachineCore => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe [2014-07-02] (globalUpdate) <==== ATTENTION
Task: {B9D498B9-96D9-484A-8387-1DBEF3FD0C6D} - System32\Tasks\7c0ceb46-411a-472a-9df7-f9c248bbe900-11 => C:\Program Files (x86)\video MediaPlay-Air\7c0ceb46-411a-472a-9df7-f9c248bbe900-11.exe [2014-07-01] (enter) <==== ATTENTION
Task: {C4AF6F60-E02F-4FAC-A41A-E2B952F5BF2C} - System32\Tasks\29d989c7-1a71-4010-8cd0-9237e6a26eb4-4 => C:\Program Files (x86)\HQube-V1.6\29d989c7-1a71-4010-8cd0-9237e6a26eb4-4.exe [2014-07-01] (HQTop-1.6)
Task: {C58BF484-6ACF-48E0-9856-A1297882A5A3} - System32\Tasks\APSnotifierPP3 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: {D5A25039-6583-46E5-9769-C64293DD1D6D} - System32\Tasks\APSnotifierPP2 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: {D6D6E326-0912-4FBE-91D6-F5516D9368D4} - System32\Tasks\9ac29ed9-d605-445d-ab51-5460993c2e60-2 => C:\Program Files (x86)\Weather It Up\9ac29ed9-d605-445d-ab51-5460993c2e60-2.exe [2014-07-02] (Phoenix Media)
Task: {E5E0EF1F-6593-49D1-9458-D5EEDB55901D} - System32\Tasks\29d989c7-1a71-4010-8cd0-9237e6a26eb4-2 => C:\Program Files (x86)\HQube-V1.6\29d989c7-1a71-4010-8cd0-9237e6a26eb4-2.exe [2014-07-01] (HQTop-1.6)
Task: {EE6EFAEC-AC0D-493D-A712-FE6E34EB2EC2} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe
Task: {F2A6CABF-5F81-4262-A8FD-D401ECFEF9D2} - System32\Tasks\9ac29ed9-d605-445d-ab51-5460993c2e60-11 => C:\Program Files (x86)\Weather It Up\9ac29ed9-d605-445d-ab51-5460993c2e60-11.exe [2014-07-02] (Phoenix Media)
Task: {F3A448AF-F7F0-49D2-939F-6C562F5874BF} - System32\Tasks\29d989c7-1a71-4010-8cd0-9237e6a26eb4-3 => C:\Program Files (x86)\HQube-V1.6\29d989c7-1a71-4010-8cd0-9237e6a26eb4-3.exe [2014-07-01] (HQTop-1.6)
Task: C:\Windows\Tasks\29d989c7-1a71-4010-8cd0-9237e6a26eb4-1.job => C:\Program Files (x86)\HQube-V1.6\HQube-V1.6-codedownloader.exe
Task: C:\Windows\Tasks\29d989c7-1a71-4010-8cd0-9237e6a26eb4-10.job => C:\Program Files (x86)\HQube-V1.6\29d989c7-1a71-4010-8cd0-9237e6a26eb4-10.exe
Task: C:\Windows\Tasks\29d989c7-1a71-4010-8cd0-9237e6a26eb4-11.job => C:\Program Files (x86)\HQube-V1.6\29d989c7-1a71-4010-8cd0-9237e6a26eb4-11.exe
Task: C:\Windows\Tasks\29d989c7-1a71-4010-8cd0-9237e6a26eb4-2.job => C:\Program Files (x86)\HQube-V1.6\29d989c7-1a71-4010-8cd0-9237e6a26eb4-2.exe
Task: C:\Windows\Tasks\29d989c7-1a71-4010-8cd0-9237e6a26eb4-3.job => C:\Program Files (x86)\HQube-V1.6\29d989c7-1a71-4010-8cd0-9237e6a26eb4-3.exe
Task: C:\Windows\Tasks\29d989c7-1a71-4010-8cd0-9237e6a26eb4-4.job => C:\Program Files (x86)\HQube-V1.6\29d989c7-1a71-4010-8cd0-9237e6a26eb4-4.exe
Task: C:\Windows\Tasks\29d989c7-1a71-4010-8cd0-9237e6a26eb4-5.job => C:\Program Files (x86)\HQube-V1.6\29d989c7-1a71-4010-8cd0-9237e6a26eb4-5.exe
Task: C:\Windows\Tasks\29d989c7-1a71-4010-8cd0-9237e6a26eb4-5_user.job => C:\Program Files (x86)\HQube-V1.6\29d989c7-1a71-4010-8cd0-9237e6a26eb4-5.exe
Task: C:\Windows\Tasks\7c0ceb46-411a-472a-9df7-f9c248bbe900-1.job => C:\Program Files (x86)\video MediaPlay-Air\video MediaPlay-Air-codedownloader.exe
Task: C:\Windows\Tasks\7c0ceb46-411a-472a-9df7-f9c248bbe900-11.job => C:\Program Files (x86)\video MediaPlay-Air\7c0ceb46-411a-472a-9df7-f9c248bbe900-11.exe
Task: C:\Windows\Tasks\7c0ceb46-411a-472a-9df7-f9c248bbe900-2.job => C:\Program Files (x86)\video MediaPlay-Air\7c0ceb46-411a-472a-9df7-f9c248bbe900-2.exe
Task: C:\Windows\Tasks\7c0ceb46-411a-472a-9df7-f9c248bbe900-3.job => C:\Program Files (x86)\video MediaPlay-Air\7c0ceb46-411a-472a-9df7-f9c248bbe900-3.exe
Task: C:\Windows\Tasks\7c0ceb46-411a-472a-9df7-f9c248bbe900-4.job => C:\Program Files (x86)\video MediaPlay-Air\7c0ceb46-411a-472a-9df7-f9c248bbe900-4.exe
Task: C:\Windows\Tasks\7c0ceb46-411a-472a-9df7-f9c248bbe900-5.job => C:\Program Files (x86)\video MediaPlay-Air\7c0ceb46-411a-472a-9df7-f9c248bbe900-5.exe
Task: C:\Windows\Tasks\7c0ceb46-411a-472a-9df7-f9c248bbe900-5_user.job => C:\Program Files (x86)\video MediaPlay-Air\7c0ceb46-411a-472a-9df7-f9c248bbe900-5.exe
Task: C:\Windows\Tasks\9ac29ed9-d605-445d-ab51-5460993c2e60-1.job => C:\Program Files (x86)\Weather It Up\Weather It Up-codedownloader.exe
Task: C:\Windows\Tasks\9ac29ed9-d605-445d-ab51-5460993c2e60-11.job => C:\Program Files (x86)\Weather It Up\9ac29ed9-d605-445d-ab51-5460993c2e60-11.exe
Task: C:\Windows\Tasks\9ac29ed9-d605-445d-ab51-5460993c2e60-2.job => C:\Program Files (x86)\Weather It Up\9ac29ed9-d605-445d-ab51-5460993c2e60-2.exe
Task: C:\Windows\Tasks\9ac29ed9-d605-445d-ab51-5460993c2e60-4.job => C:\Program Files (x86)\Weather It Up\9ac29ed9-d605-445d-ab51-5460993c2e60-4.exe
Task: C:\Windows\Tasks\9ac29ed9-d605-445d-ab51-5460993c2e60-5.job => C:\Program Files (x86)\Weather It Up\9ac29ed9-d605-445d-ab51-5460993c2e60-5.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\APSnotifierPP1.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: C:\Windows\Tasks\APSnotifierPP2.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: C:\Windows\Tasks\APSnotifierPP3.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: C:\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe <==== ATTENTION
Task: C:\Windows\Tasks\globalUpdateUpdateTaskMachineUA.job => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe <==== ATTENTION
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\Re-markit Update.job => C:\Program Files (x86)\-Re_Markable\appRe-markitW51.exe <==== ATTENTION
Task: C:\Windows\Tasks\Re-markit_wd.job => C:\Program Files (x86)\-Re_Markable\wdRe-markiti.exe <==== ATTENTION
Task: C:\Windows\Tasks\System Speedup_DEFAULT.job => C:\Program Files (x86)\System Speedup\SystemSpeedup.exe
Task: C:\Windows\Tasks\System Speedup_UPDATES.job => C:\Program Files (x86)\System Speedup\SystemSpeedup.exe

==================== Loaded Modules (whitelisted) =============

2010-07-15 06:44 - 2010-07-15 06:44 - 00020032 _____ () C:\Program Files\Unlocker\UnlockerCOM.dll
2011-07-15 19:26 - 2005-06-07 12:26 - 00043008 _____ () C:\Program Files (x86)\WinRAR\rarext64.dll
2014-03-15 19:19 - 2013-10-31 18:13 - 00102568 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2011-10-28 23:00 - 2014-04-21 01:15 - 00075064 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2011-10-28 23:00 - 2014-04-21 01:14 - 00214520 _____ () C:\Windows\SysWOW64\PnkBstrB.exe
2014-07-01 16:19 - 2014-07-01 16:19 - 00179200 _____ () C:\Program Files (x86)\-Re_Markable\Re-markitSl174.exe
2014-07-01 16:20 - 2014-07-01 16:20 - 00073216 _____ () C:\Users\Joe\AppData\Roaming\VOPackage\VOsrv.exe
2014-07-01 16:22 - 2014-07-01 16:22 - 00172544 _____ () C:\Program Files (x86)\CB78F643-3729-434F-8C25-F28D15F025F3\SupraSavingsService64.exe
2014-06-12 21:05 - 2014-06-12 21:05 - 00110080 _____ () C:\Program Files (x86)\CB78F643-3729-434F-8C25-F28D15F025F3\nfapi.dll
2014-06-12 21:05 - 2014-06-12 21:05 - 00456192 _____ () C:\Program Files (x86)\CB78F643-3729-434F-8C25-F28D15F025F3\ProtocolFilters.dll
2014-04-21 21:24 - 2014-04-21 21:24 - 00392704 _____ () C:\Program Files (x86)\Boost\BoostUpdater.exe
2014-07-01 22:06 - 2014-06-16 13:03 - 03532288 _____ () C:\Program Files (x86)\fst_de_77\freeSoftToday_widget.exe
2011-07-15 18:45 - 2012-06-18 18:58 - 02042848 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2014-06-23 18:21 - 2014-01-28 07:47 - 00430080 _____ () C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox\components\FirefoxPickerCommunication.dll
2014-05-14 11:25 - 2014-06-02 23:42 - 16361136 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\ProgramData\TEMP:373E1720

==================== Safe Mode (whitelisted) ===================


==================== EXE Association (whitelisted) =============


==================== MSCONFIG/TASK MANAGER disabled items =========

MSCONFIG\startupfolder: C:^Users^Joe^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk => C:\Windows\pss\Dropbox.lnk.Startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: CanonMyPrinter => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
MSCONFIG\startupreg: CanonSolutionMenuEx => C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE /logon
MSCONFIG\startupreg: Christmas Garland Light => C:\Users\Joe\Downloads\ChristmasGarlandLight.exe
MSCONFIG\startupreg: DAEMON Tools Lite => "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
MSCONFIG\startupreg: IJNetworkScannerSelectorEX => C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe /FORCE
MSCONFIG\startupreg: LogMeIn Hamachi Ui => "C:\Joe\Programme\Netzwerk online\hamachi-2-ui.exe" --auto-start
MSCONFIG\startupreg: PDFPrint => C:\Joe\Programme\PDF24\pdf24.exe
MSCONFIG\startupreg: PWRISOVM.EXE => C:\Program Files (x86)\PowerISO\PWRISOVM.EXE -startup
MSCONFIG\startupreg: Steam => "C:\Joe\Games(install)\Steam\Steam.exe" -silent
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: WinampAgent => C:\Joe\Programme\Winamp\winampa.exe

==================== Faulty Device Manager Devices =============

Name: Realtek RTL8168D/8111D-Familie-PCI-E-Gigabit-Ethernet-NIC (NDIS 6.20)
Description: Realtek RTL8168D/8111D-Familie-PCI-E-Gigabit-Ethernet-NIC (NDIS 6.20)
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Realtek
Service: RTL8167
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: 
Description: 
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Basissystemgerät
Description: Basissystemgerät
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Basissystemgerät
Description: Basissystemgerät
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Basissystemgerät
Description: Basissystemgerät
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft-Teredo-Tunneling-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (07/02/2014 08:40:29 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm SystemSpeedup.exe, Version 2.1.72.2820 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 2e54

Startzeit: 01cf95bfe1180a0a

Endzeit: 10

Anwendungspfad: C:\Program Files (x86)\System Speedup\SystemSpeedup.exe

Berichts-ID:

Error: (07/02/2014 08:38:36 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: freeSoftToday_widget.exe, Version: 0.0.0.0, Zeitstempel: 0x539ec5e5
Name des fehlerhaften Moduls: freeSoftToday_widget.exe, Version: 0.0.0.0, Zeitstempel: 0x539ec5e5
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00006530
ID des fehlerhaften Prozesses: 0x14cc
Startzeit der fehlerhaften Anwendung: 0xfreeSoftToday_widget.exe0
Pfad der fehlerhaften Anwendung: freeSoftToday_widget.exe1
Pfad des fehlerhaften Moduls: freeSoftToday_widget.exe2
Berichtskennung: freeSoftToday_widget.exe3

Error: (07/02/2014 08:35:02 AM) (Source: MsiInstaller) (EventID: 11309) (User: Joe´s-PC)
Description: Product: Google Update Helper -- Error 1309. Error reading from file: C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\Google\Update\RequiredFile.txt.  System error 3.  Verify that the file exists and that you can access it.

Error: (07/02/2014 08:19:57 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: IEXPLORE.EXE, Version: 11.0.9600.17126, Zeitstempel: 0x53882e30
Name des fehlerhaften Moduls: jscript9.dll, Version: 11.0.9600.17126, Zeitstempel: 0x53883991
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00011d06
ID des fehlerhaften Prozesses: 0x14b0
Startzeit der fehlerhaften Anwendung: 0xIEXPLORE.EXE0
Pfad der fehlerhaften Anwendung: IEXPLORE.EXE1
Pfad des fehlerhaften Moduls: IEXPLORE.EXE2
Berichtskennung: IEXPLORE.EXE3

Error: (07/02/2014 08:14:36 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: IEXPLORE.EXE, Version: 11.0.9600.17126, Zeitstempel: 0x53882e30
Name des fehlerhaften Moduls: HQube-V1.6-bho.dll_unloaded, Version: 0.0.0.0, Zeitstempel: 0x53b1df78
Ausnahmecode: 0xc0000005
Fehleroffset: 0x03d0244f
ID des fehlerhaften Prozesses: 0x1708
Startzeit der fehlerhaften Anwendung: 0xIEXPLORE.EXE0
Pfad der fehlerhaften Anwendung: IEXPLORE.EXE1
Pfad des fehlerhaften Moduls: IEXPLORE.EXE2
Berichtskennung: IEXPLORE.EXE3

Error: (07/02/2014 08:14:18 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: IEXPLORE.EXE, Version: 11.0.9600.17126, Zeitstempel: 0x53882e30
Name des fehlerhaften Moduls: jscript9.dll, Version: 11.0.9600.17126, Zeitstempel: 0x53883991
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00011d06
ID des fehlerhaften Prozesses: 0x1200
Startzeit der fehlerhaften Anwendung: 0xIEXPLORE.EXE0
Pfad der fehlerhaften Anwendung: IEXPLORE.EXE1
Pfad des fehlerhaften Moduls: IEXPLORE.EXE2
Berichtskennung: IEXPLORE.EXE3

Error: (07/01/2014 04:23:58 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: AnyProtect.exe, Version: 1.0.0.1, Zeitstempel: 0x53b27307
Name des fehlerhaften Moduls: Flash32_13_0_0_214.ocx, Version: 13.0.0.214, Zeitstempel: 0x5359c422
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00139c53
ID des fehlerhaften Prozesses: 0x918
Startzeit der fehlerhaften Anwendung: 0xAnyProtect.exe0
Pfad der fehlerhaften Anwendung: AnyProtect.exe1
Pfad des fehlerhaften Moduls: AnyProtect.exe2
Berichtskennung: AnyProtect.exe3

Error: (06/29/2014 02:14:58 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest2" in Zeile C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

Error: (06/28/2014 10:49:22 AM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -2143485936

Error: (06/28/2014 10:49:22 AM) (Source: Microsoft Office 15) (EventID: 2011) (User: )
Description: Office Subscription licensing exception: Error Code: 0x803D0010; CorrelationId: {6C0A448F-55CD-41DD-A855-881137609640}


System errors:
=============
Error: (07/02/2014 08:14:03 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "vxlsnyaiet64" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (07/02/2014 07:58:54 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Microsoft .NET Framework NGEN v4.0.30319_X86 erreicht.

Error: (07/02/2014 07:55:46 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Search Protect Service" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (07/02/2014 07:55:40 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Computer Backup (MyPC Backup)" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1053

Error: (07/02/2014 07:55:40 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Computer Backup (MyPC Backup) erreicht.

Error: (07/01/2014 04:20:45 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1053MSIServer{000C101C-0000-0000-C000-000000000046}

Error: (07/01/2014 04:20:40 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Windows Installer" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1053

Error: (07/01/2014 04:20:40 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Windows Installer erreicht.

Error: (06/30/2014 09:10:26 AM) (Source: volsnap) (EventID: 36) (User: )
Description: Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.

Error: (06/30/2014 08:14:01 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Microsoft .NET Framework NGEN v4.0.30319_X86 erreicht.


Microsoft Office Sessions:
=========================
Error: (11/07/2013 09:46:00 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6683.5002, Microsoft Office Version: 12.0.6612.1000. This session lasted 3276 seconds with 1740 seconds of active time.  This session ended with a crash.


==================== Memory info =========================== 

Percentage of memory in use: 58%
Total physical RAM: 4078.07 MB
Available physical RAM: 1680.51 MB
Total Pagefile: 8154.32 MB
Available Pagefile: 5452.59 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:465.66 GB) (Free:14.51 GB) NTFS
Drive e: (CNC3KW) (CDROM) (Total:7.54 GB) (Free:0 GB) UDF

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 1E6B5789)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=466 GB) - (Type=07 NTFS)

==================== End Of Log ============================

deeprybka · 02.07.2014, 10:36

Hi, so geht's weiter...

Schritt 1

Bitte deinstalliere folgende Programme:

Java 7 Update 7
Java(TM) 6 Update 22
Java(TM) 6 Update 29
Advanced System Protector
Complitly
fst_de_77
Installer
MyPC Backup
Re-markit
Search Protect
Supra Savings
suprasavings
video MediaPlay-Air
vShare.tv plugin 1.3
WebInternetSecurity
webssearches uninstaller

Versuche es bei Windows 7

zunächst über Systemsteuerung/Programme deinstallieren.

Sollte das nicht gehen, lade Dir bitte Revo Uninstaller

hier herunter. Entpacke die zip-Datei auf den Desktop.

Starte die Revouninstaller.exe
Klicke auf Optionen und wähle als Sprache Deutsch.
Suche im Uninstallerfeld nach den oben angegebenen Programmen und wähle sie einzeln aus.
Klicke jedesmal auf Uninstall.
Wähle anschließend den Modus "Moderat" aus.
Reste löschen:
Klicke auf dann auf und dann auf .

Solltest Du ein Programm nicht finden oder nicht deinstallieren können, mache bitte mit dem nächsten Schritt weiter:

Schritt 2
Downloade Dir bitte

AdwCleaner auf deinen Desktop.

Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
Starte die AdwCleaner.exe mit einem Doppelklick.
Stimme den Nutzungsbedingungen zu.
Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
- "Tracing" Schlüssel löschen
- Winsock Einstellungen zurücksetzen
- Proxy Einstellungen zurücksetzen
- Internet Explorer Richtlinien zurücksetzen
- Chrome Richtlinien zurücksetzen
- Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Code:

ATTFilter

ZeroAccess:
C:\Users\Joe\AppData\Local\Google\Desktop\Install
ZeroAccess:
C:\Program Files (x86)\Google\Desktop\Install

Du hast/hattest ZeroAccess auf der Platte. Keine sensiblen Logins mehr von diesem PC bis zum >clean<. Wenn Du online-Banking, paypal etc. mit diesem PC gemacht hast, dann würde ich die Passwörter von einem anderen (sauberen) PC, Handy ändern.

Solltest Du Combofix nicht runterladen können, dann bitte via USB-Stick von einem anderen PC auf den Desktop des infizierten PCs transferieren.

Schritt 3
Scan mit Combofix

WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link

WICHTIG: Speichere Combofix auf deinem Desktop.

Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.

Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.

Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!

Wenn Combofix fertig ist, wird es ein Logfile erstellen.

Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).

Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

Joe04 · 02.07.2014, 14:09

Mahlzeit Jürgen,

Habe die beiden Dateien:
Supra Savings
suprasavings

leider nicht finden können.
Weiterhin habe ich andere verdächtig aussehende Programme gefunden aber noch nicht deinstalliert, da ich das ja noch nicht tun soll

Boost for Internet Explorer
System Speedup
WindowsManagerProtect20.0.0.502
WinPcap4.1.2

Ich habe auch währrend der Deinstallationen häufiger eldungen meines Avira Antivir bekommen. Hätte ich den nicht vorher ausstellen müssen?

Befasse mich also erst mit Schritt 3 bis du mir das "GO" gibst.
AdwCleaner trotzdem ausgeführt und zu folgendem Ergebnis gekommen:

Code:

ATTFilter

# AdwCleaner v3.213 - Bericht erstellt am 02/07/2014 um 14:55:05
# Aktualisiert 23/06/2014 von Xplode
# Betriebssystem : Windows 7 Professional Service Pack 1 (64 bits)
# Benutzername : Joe - JOE´S-PC
# Gestartet von : C:\Users\Joe\Desktop\adwcleaner_3.213.exe
# Option : Löschen

***** [ Dienste ] *****

[#] Dienst Gelöscht : BackupStack
[#] Dienst Gelöscht : globalUpdate
[#] Dienst Gelöscht : globalUpdatem
Dienst Gelöscht : IePluginServices

***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\ProgramData\374311380 
Ordner Gelöscht : C:\ProgramData\Babylon
Ordner Gelöscht : C:\ProgramData\IePluginServices
Ordner Gelöscht : C:\ProgramData\Tarma Installer
Ordner Gelöscht : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Speedup
Ordner Gelöscht : C:\Program Files (x86)\ATDheNetTVApp.com
Ordner Gelöscht : C:\Program Files (x86)\globalUpdate
Ordner Gelöscht : C:\Program Files (x86)\MyPC Backup
Ordner Gelöscht : C:\Program Files (x86)\predm
Ordner Gelöscht : C:\Program Files (x86)\SupTab
Ordner Gelöscht : C:\Program Files (x86)\System Speedup
Ordner Gelöscht : C:\Program Files\003
Ordner Gelöscht : C:\Program Files\SupraSavings
Ordner Gelöscht : C:\Users\Joe\AppData\Local\Babylon
Ordner Gelöscht : C:\Users\Joe\AppData\Local\Freesofttoday
Ordner Gelöscht : C:\Users\Joe\AppData\Local\globalUpdate
Ordner Gelöscht : C:\Users\Joe\AppData\Local\PutLockerDownloader
Ordner Gelöscht : C:\Users\Joe\AppData\Local\Temp\OCS
Ordner Gelöscht : C:\Users\Joe\AppData\Roaming\Babylon
Ordner Gelöscht : C:\Users\Joe\AppData\Roaming\SupTab
Ordner Gelöscht : C:\Users\Joe\AppData\Roaming\System Speedup
Ordner Gelöscht : C:\Users\Joe\AppData\Roaming\Systweak
Ordner Gelöscht : C:\Users\Joe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ATDheNetTVApp.com
Ordner Gelöscht : C:\Users\Joe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MyPC Backup
Ordner Gelöscht : C:\Users\Joe\Documents\Optimizer Pro
Ordner Gelöscht : C:\Users\Joe\AppData\Roaming\Mozilla\Firefox\Profiles\iu55mij3.default\WinampToolbarData
Ordner Gelöscht : C:\Users\Joe\AppData\Roaming\Mozilla\Firefox\Profiles\iu55mij3.default\Extensions\{0B38152B-1B20-484D-A11F-5E04A9B0661F}
Ordner Gelöscht : C:\Users\Joe\AppData\Roaming\Mozilla\Firefox\Profiles\iu55mij3.default\Extensions\faststartff@gmail.com
Ordner Gelöscht : C:\Users\Joe\AppData\Roaming\Mozilla\Firefox\Profiles\iu55mij3.default\Extensions\ffxtlbr@incredibar.com
Ordner Gelöscht : C:\Users\Joe\AppData\Roaming\Mozilla\Firefox\Profiles\iu55mij3.default\Extensions\18c3bc7a-b2aa-43c1-885a-665d2f25cf89@d6802e59-3519-4428-bef7-bce888d550bb.com
Ordner Gelöscht : C:\Users\Joe\AppData\Roaming\Mozilla\Firefox\Profiles\iu55mij3.default\Extensions\f80af4ec-42b9-429d-99b0-4078ec7cf864@44882d20-8865-4b13-b79e-ae8470d9a955.com
Ordner Gelöscht : C:\Users\Joe\AppData\Roaming\Mozilla\Firefox\Profiles\iu55mij3.default\Extensions\ff806580-6db3-4c09-ba06-d6caf0e99172@8453cb25-7fef-4ed5-8934-b08be5605617.com
Datei Gelöscht : C:\Users\Joe\AppData\Roaming\Mozilla\Firefox\Profiles\iu55mij3.default\Extensions\freehdsport@freehdsport.tv.xpi
Datei Gelöscht : C:\END
Datei Gelöscht : C:\Windows\System32\roboot64.exe
Datei Gelöscht : C:\Users\Joe\AppData\Roaming\aps.uninstall.scan.results
Datei Gelöscht : C:\Users\Joe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk
Datei Gelöscht : C:\Users\Joe\Desktop\Continue VuuPC Installation.lnk
Datei Gelöscht : C:\Users\Joe\Desktop\MyPC Backup.lnk
Datei Gelöscht : C:\Users\Joe\Desktop\Sync Folder.lnk
Datei Gelöscht : C:\Users\Joe\AppData\Roaming\Mozilla\Firefox\Profiles\iu55mij3.default\foxydeal.sqlite
Datei Gelöscht : C:\Users\Joe\AppData\Roaming\Mozilla\Firefox\Profiles\iu55mij3.default\searchplugins\aol-web-search.xml
Datei Gelöscht : C:\Program Files (x86)\Mozilla Firefox\searchplugins\avg-secure-search.xml
Datei Gelöscht : C:\Users\Joe\AppData\Roaming\Mozilla\Firefox\Profiles\iu55mij3.default\searchplugins\MyStart Search.xml
Datei Gelöscht : C:\Users\Joe\AppData\Roaming\Mozilla\Firefox\Profiles\iu55mij3.default\searchplugins\searchya.xml
Datei Gelöscht : C:\Users\Joe\AppData\Roaming\Mozilla\Firefox\Profiles\iu55mij3.default\searchplugins\Startsear.xml
Datei Gelöscht : C:\Program Files (x86)\Mozilla Firefox\searchplugins\webssearches.xml
Datei Gelöscht : C:\Users\Joe\AppData\Roaming\Mozilla\Firefox\Profiles\iu55mij3.default\user.js
Datei Gelöscht : C:\Windows\Tasks\APSnotifierPP1.job
Datei Gelöscht : C:\Windows\System32\Tasks\APSnotifierPP1
Datei Gelöscht : C:\Windows\Tasks\APSnotifierPP2.job
Datei Gelöscht : C:\Windows\System32\Tasks\APSnotifierPP2
Datei Gelöscht : C:\Windows\Tasks\APSnotifierPP3.job
Datei Gelöscht : C:\Windows\System32\Tasks\APSnotifierPP3
Datei Gelöscht : C:\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job
Datei Gelöscht : C:\Windows\System32\Tasks\globalUpdateUpdateTaskMachineCore
Datei Gelöscht : C:\Windows\Tasks\globalUpdateUpdateTaskMachineUA.job
Datei Gelöscht : C:\Windows\System32\Tasks\globalUpdateUpdateTaskMachineUA
Datei Gelöscht : C:\Windows\Tasks\System Speedup_DEFAULT.job
Datei Gelöscht : C:\Windows\System32\Tasks\System Speedup_DEFAULT
Datei Gelöscht : C:\Windows\Tasks\System Speedup_UPDATES.job
Datei Gelöscht : C:\Windows\System32\Tasks\System Speedup_UPDATES
Datei Gelöscht : C:\Windows\Tasks\29d989c7-1a71-4010-8cd0-9237e6a26eb4-1.job
Datei Gelöscht : C:\Windows\System32\Tasks\29d989c7-1a71-4010-8cd0-9237e6a26eb4-1
Datei Gelöscht : C:\Windows\Tasks\29d989c7-1a71-4010-8cd0-9237e6a26eb4-10.job
Datei Gelöscht : C:\Windows\System32\Tasks\29d989c7-1a71-4010-8cd0-9237e6a26eb4-10
Datei Gelöscht : C:\Windows\Tasks\29d989c7-1a71-4010-8cd0-9237e6a26eb4-11.job
Datei Gelöscht : C:\Windows\System32\Tasks\29d989c7-1a71-4010-8cd0-9237e6a26eb4-11
Datei Gelöscht : C:\Windows\Tasks\29d989c7-1a71-4010-8cd0-9237e6a26eb4-2.job
Datei Gelöscht : C:\Windows\System32\Tasks\29d989c7-1a71-4010-8cd0-9237e6a26eb4-2
Datei Gelöscht : C:\Windows\Tasks\29d989c7-1a71-4010-8cd0-9237e6a26eb4-3.job
Datei Gelöscht : C:\Windows\System32\Tasks\29d989c7-1a71-4010-8cd0-9237e6a26eb4-3
Datei Gelöscht : C:\Windows\Tasks\29d989c7-1a71-4010-8cd0-9237e6a26eb4-4.job
Datei Gelöscht : C:\Windows\System32\Tasks\29d989c7-1a71-4010-8cd0-9237e6a26eb4-4
Datei Gelöscht : C:\Windows\Tasks\29d989c7-1a71-4010-8cd0-9237e6a26eb4-5.job
Datei Gelöscht : C:\Windows\System32\Tasks\29d989c7-1a71-4010-8cd0-9237e6a26eb4-5
Datei Gelöscht : C:\Windows\Tasks\29d989c7-1a71-4010-8cd0-9237e6a26eb4-5_user.job
Datei Gelöscht : C:\Windows\Tasks\7c0ceb46-411a-472a-9df7-f9c248bbe900-4.job
Datei Gelöscht : C:\Windows\System32\Tasks\7c0ceb46-411a-472a-9df7-f9c248bbe900-4
Datei Gelöscht : C:\Windows\Tasks\9ac29ed9-d605-445d-ab51-5460993c2e60-1.job
Datei Gelöscht : C:\Windows\System32\Tasks\9ac29ed9-d605-445d-ab51-5460993c2e60-1
Datei Gelöscht : C:\Windows\Tasks\9ac29ed9-d605-445d-ab51-5460993c2e60-11.job
Datei Gelöscht : C:\Windows\System32\Tasks\9ac29ed9-d605-445d-ab51-5460993c2e60-11
Datei Gelöscht : C:\Windows\Tasks\9ac29ed9-d605-445d-ab51-5460993c2e60-2.job
Datei Gelöscht : C:\Windows\System32\Tasks\9ac29ed9-d605-445d-ab51-5460993c2e60-2
Datei Gelöscht : C:\Windows\Tasks\9ac29ed9-d605-445d-ab51-5460993c2e60-4.job
Datei Gelöscht : C:\Windows\System32\Tasks\9ac29ed9-d605-445d-ab51-5460993c2e60-4
Datei Gelöscht : C:\Windows\Tasks\9ac29ed9-d605-445d-ab51-5460993c2e60-5.job
Datei Gelöscht : C:\Windows\System32\Tasks\9ac29ed9-d605-445d-ab51-5460993c2e60-5

***** [ Verknüpfungen ] *****

Verknüpfung Desinfiziert : C:\Users\Public\Desktop\Mozilla Firefox.lnk
Verknüpfung Desinfiziert : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
Verknüpfung Desinfiziert : C:\Users\Joe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
Verknüpfung Desinfiziert : C:\Users\Joe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk
Verknüpfung Desinfiziert : C:\Users\Joe\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
Verknüpfung Desinfiziert : C:\Users\Joe\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk
Verknüpfung Desinfiziert : C:\Users\Joe\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk

***** [ Registrierungsdatenbank ] *****

Wert Gelöscht : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{336D0C35-8A85-403a-B9D2-65C292C39087}]
Wert Gelöscht : [x64] HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{336D0C35-8A85-403a-B9D2-65C292C39087}]
Wert Gelöscht : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [faststartff@gmail.com]
Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\bgnnidmnbdkmhfkjgdnngciimpdgohok
Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\blaofbhgbmeikidhlkmjhbkbfohpgekf
Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Movie2KDownloader
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Prod.cap
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\AdvancedSystemProtector_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\AdvancedSystemProtector_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\NewPlayer_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\NewPlayer_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\mypc backup
Schlüssel Gelöscht : HKLM\SOFTWARE\MozillaPlugins\@staging.google.com/globalUpdate Update;version=10
Schlüssel Gelöscht : HKLM\SOFTWARE\MozillaPlugins\@staging.google.com/globalUpdate Update;version=4
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{1973277F-87B0-4EA3-9ED2-470A91D284CF}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{38A066B0-DD5F-4226-AC4F-6A27C1BFB892}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{CC5AD34C-6F10-4CB3-B74A-C2DD4D5060A3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110411911136}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110511951168}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220422912236}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220522952268}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{1B97A696-5576-43AC-A73B-E1D2C78F21E8}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{75BF416E-4326-45B5-8A2D-AE32D05B930B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{917CAAE9-DD47-4025-936E-1414F07DF5B8}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550455915536}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550555955568}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660466916636}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660566956668}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{3BF3DED5-0FC8-4207-AC09-AA7B5AF4E408}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{968EDCE0-C10A-47BB-B3B6-FDF09F2A417D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{44444444-4444-4444-4444-440444914436}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{44444444-4444-4444-4444-440544954468}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110411911136}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110511951168}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0FB6A909-6086-458F-BD92-1F8EE10042A0}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A1B48071-416D-474E-A13B-BE5456E7FC31}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110511951168}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{0FB6A909-6086-458F-BD92-1F8EE10042A0}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8F97BFF8-488B-4107-BCEE-B161AB4E4183}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8F97BFF8-488B-4107-BCEE-B161AB4E4183}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{A1B48071-416D-474E-A13B-BE5456E7FC31}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47C0-9269-B4C6572FD61A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5}]
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110411911136}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110511951168}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220422912236}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220522952268}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{1B97A696-5576-43AC-A73B-E1D2C78F21E8}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{75BF416E-4326-45B5-8A2D-AE32D05B930B}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{917CAAE9-DD47-4025-936E-1414F07DF5B8}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550455915536}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550555955568}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660466916636}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660566956668}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110411911136}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110511951168}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Daten Wiederhergestellt : HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command
Daten Wiederhergestellt : HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command
Schlüssel Gelöscht : HKCU\Software\1ClickDownload
Schlüssel Gelöscht : HKCU\Software\AnyProtect
Schlüssel Gelöscht : HKCU\Software\IM
Schlüssel Gelöscht : HKCU\Software\ImInstaller
Schlüssel Gelöscht : HKCU\Software\InstallCore
Schlüssel Gelöscht : HKCU\Software\installedbrowserextensions
Schlüssel Gelöscht : HKCU\Software\OCS
Schlüssel Gelöscht : HKCU\Software\Optimizer Pro
Schlüssel Gelöscht : HKCU\Software\powerpack
Schlüssel Gelöscht : HKCU\Software\StartSearch
Schlüssel Gelöscht : HKCU\Software\SweetIM
Schlüssel Gelöscht : HKCU\Software\System Speedup
Schlüssel Gelöscht : HKCU\Software\systweak
Schlüssel Gelöscht : HKCU\Software\TutoTag
Schlüssel Gelöscht : HKCU\Software\vShare.tv
Schlüssel Gelöscht : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Crossrider
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Re_Markable
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\suprasavings
Schlüssel Gelöscht : HKLM\Software\{1146AC44-2F03-4431-B4FD-889BC837521F}
Schlüssel Gelöscht : HKLM\Software\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Schlüssel Gelöscht : HKLM\Software\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Schlüssel Gelöscht : HKLM\Software\Conduit
Schlüssel Gelöscht : HKLM\Software\IB Updater
Schlüssel Gelöscht : HKLM\Software\Iminent
Schlüssel Gelöscht : HKLM\Software\installedbrowserextensions
Schlüssel Gelöscht : HKLM\Software\SimplyGen
Schlüssel Gelöscht : HKLM\Software\SupDp
Schlüssel Gelöscht : HKLM\Software\suprasavings
Schlüssel Gelöscht : HKLM\Software\SupTab
Schlüssel Gelöscht : HKLM\Software\SweetIM
Schlüssel Gelöscht : HKLM\Software\System Speedup
Schlüssel Gelöscht : HKLM\Software\systweak
Schlüssel Gelöscht : HKLM\Software\Tutorials
Schlüssel Gelöscht : HKLM\Software\webssearchesSoftware
Schlüssel Gelöscht : HKLM\Software\Wpm
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\1ClickDownload
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\System Speedup_is1
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\IB Updater
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\installedbrowserextensions
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Supra Savings
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\suprasavings
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Tarma Installer
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\incredibar
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MyPC Backup
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Supra Savings
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\suprasavings
Daten Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\SupTab\SEARCH~1.DLL
Daten Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\SupTab\SEARCH~2.DLL

***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.17126

Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Main [Default_Page_URL]
Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL]
Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL]
Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]
Einstellung Wiederhergestellt : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL]
Einstellung Wiederhergestellt : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL]
Einstellung Wiederhergestellt : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
Einstellung Wiederhergestellt : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]

-\\ Mozilla Firefox v13.0.1 (de)

[ Datei : C:\Users\Joe\AppData\Roaming\Mozilla\Firefox\Profiles\iu55mij3.default\prefs.js ]

Zeile gelöscht : user_pref("aol_toolbar.surf.date", "23");
Zeile gelöscht : user_pref("aol_toolbar.surf.lastDate", "13");
Zeile gelöscht : user_pref("aol_toolbar.surf.lastMonth", "6");
Zeile gelöscht : user_pref("aol_toolbar.surf.lastYear", "2012");
Zeile gelöscht : user_pref("aol_toolbar.surf.month", "37");
Zeile gelöscht : user_pref("aol_toolbar.surf.prevMonth", "0");
Zeile gelöscht : user_pref("aol_toolbar.surf.total", "38");
Zeile gelöscht : user_pref("aol_toolbar.surf.week", "37");
Zeile gelöscht : user_pref("aol_toolbar.surf.year", "37");
Zeile gelöscht : user_pref("browser.search.defaultengine", "Web Search");
Zeile gelöscht : user_pref("browser.search.defaultenginename", "webssearches");
Zeile gelöscht : user_pref("browser.search.order.1", "Web Search");
Zeile gelöscht : user_pref("browser.startup.homepage", "hxxp://istart.webssearches.com/?type=hp&ts=1404224363&from=tugs&uid=WDCXWD5000BEVT-22ZAT0_WD-WX10A992850228502");
Zeile gelöscht : user_pref("extensions.a18c3bc7ab2aa43c1885a665d2f25cf89d6802e5935194428bef7bce888d550bbcom49136.49136.internaldb.Resources_meta.value", "%7B%22html/popup.html%22%3A%7B%22id%22%3A526988%2C%22ver%22%3A6[...]
Zeile gelöscht : user_pref("extensions.a18c3bc7ab2aa43c1885a665d2f25cf89d6802e5935194428bef7bce888d550bbcom49136.49136.internaldb.Resources_resource_526988.value", "%22%3C%21DOCTYPE%20HTML%3E%5Cn%3Chtml%20lang%3D%5C%2[...]
Zeile gelöscht : user_pref("extensions.a18c3bc7ab2aa43c1885a665d2f25cf89d6802e5935194428bef7bce888d550bbcom49136.49136.internaldb.monetization_plugin_bundledUrls.value", "%7B%22dealply_s%22%3A%7B%22urls%22%3A%5B%22ssf[...]
Zeile gelöscht : user_pref("extensions.af80af4ec42b9429d99b04078ec7cf86444882d2088654b13b79eae8470d9a955com59568.59568.internaldb.monetization_plugin_bundledUrls.value", "%7B%22dealply_s%22%3A%7B%22urls%22%3A%5B%22ssf[...]
Zeile gelöscht : user_pref("extensions.aff8065806db34c09ba06d6caf0e991728453cb257fef4ed58934b08be5605617com59599.59599.internaldb.monetization_plugin_bundledUrls.value", "%7B%22dealply_s%22%3A%7B%22urls%22%3A%5B%22ssf[...]
Zeile gelöscht : user_pref("extensions.crossrider.bic", "146f24db96794c2b3024eb6643b95c1c");
Zeile gelöscht : user_pref("extensions.incredibar.RadioMyStations", "[{\"id\":\"1069\",\"name\":\"ORS Romántica en español\",\"url\":\"hxxp://www.orsradio.com/oldies56k.asx\",\"streamType\":\"mp\"},{\"id\":\"1213\",\"[...]
Zeile gelöscht : user_pref("extensions.incredibar.actvtyRptTime", "1361812104162");
Zeile gelöscht : user_pref("extensions.incredibar.admin", false);
Zeile gelöscht : user_pref("extensions.incredibar.afd-1a2d3abe806f9951da73a33d41fcfc9c", "%7B%22items%22%3A%5B%7B%22id%22%3A%22lmxnbLCbb2JwpW9mb1RnZ2djV22ebGZtqGxpbFdpaWtuVHCv%22%2C%20%22r%22%3A%2219.49%22%2C%20%22tit[...]
Zeile gelöscht : user_pref("extensions.incredibar.afd-1a2d3abe806f9951da73a33d41fcfc9c_wid", "2521; expires=Mon, 25 Feb 2013 23:08:25 GMT");
Zeile gelöscht : user_pref("extensions.incredibar.aflt", "orgnl");
Zeile gelöscht : user_pref("extensions.incredibar.afterInstallRpt", "sent");
Zeile gelöscht : user_pref("extensions.incredibar.cntry", "DE");
Zeile gelöscht : user_pref("extensions.incredibar.dfltLng", "EN");
Zeile gelöscht : user_pref("extensions.incredibar.dfltSrch", false);
Zeile gelöscht : user_pref("extensions.incredibar.dfltlng", "EN");
Zeile gelöscht : user_pref("extensions.incredibar.dfltsrch", "false");
Zeile gelöscht : user_pref("extensions.incredibar.did", "10674");
Zeile gelöscht : user_pref("extensions.incredibar.envrmnt", "production");
Zeile gelöscht : user_pref("extensions.incredibar.excTlbr", false);
Zeile gelöscht : user_pref("extensions.incredibar.hdrMd5", "7D996E9ED61E414DAD79CAEF02F40E38");
Zeile gelöscht : user_pref("extensions.incredibar.hmpg", false);
Zeile gelöscht : user_pref("extensions.incredibar.hrdid", "da46bf1700000000000040618616ae65");
Zeile gelöscht : user_pref("extensions.incredibar.id", "da46bf1700000000000040618616ae65");
Zeile gelöscht : user_pref("extensions.incredibar.installerproductid", "26");
Zeile gelöscht : user_pref("extensions.incredibar.instlDay", "15689");
Zeile gelöscht : user_pref("extensions.incredibar.instlRef", "");
Zeile gelöscht : user_pref("extensions.incredibar.instlday", "15689");
Zeile gelöscht : user_pref("extensions.incredibar.instlref", "");
Zeile gelöscht : user_pref("extensions.incredibar.isDcmntCmplt", true);
Zeile gelöscht : user_pref("extensions.incredibar.isdcmntcmplt", "false");
Zeile gelöscht : user_pref("extensions.incredibar.keywordurl", "");
Zeile gelöscht : user_pref("extensions.incredibar.lastVrsnTs", "1.5.11.143:13:05");
Zeile gelöscht : user_pref("extensions.incredibar.mntrvrsn", "1.2.0");
Zeile gelöscht : user_pref("extensions.incredibar.newTab", false);
Zeile gelöscht : user_pref("extensions.incredibar.newtab", "false");
Zeile gelöscht : user_pref("extensions.incredibar.newtaburl", "");
Zeile gelöscht : user_pref("extensions.incredibar.noFFXTlbr", false);
Zeile gelöscht : user_pref("extensions.incredibar.ppd", "");
Zeile gelöscht : user_pref("extensions.incredibar.prdct", "incredibar");
Zeile gelöscht : user_pref("extensions.incredibar.productid", "26");
Zeile gelöscht : user_pref("extensions.incredibar.prtnrId", "Incredibar");
Zeile gelöscht : user_pref("extensions.incredibar.prtnrid", "Incredibar");
Zeile gelöscht : user_pref("extensions.incredibar.sg", "none");
Zeile gelöscht : user_pref("extensions.incredibar.smplGrp", "none");
Zeile gelöscht : user_pref("extensions.incredibar.smplgrp", "none");
Zeile gelöscht : user_pref("extensions.incredibar.srch", "");
Zeile gelöscht : user_pref("extensions.incredibar.srchprvdr", "");
Zeile gelöscht : user_pref("extensions.incredibar.tlbrId", "base");
Zeile gelöscht : user_pref("extensions.incredibar.tlbrSrchUrl", "hxxp://mystart.Incredibar.com/?a=6OyXdDHZIX&loc=IB_TB&i=26&search=");
Zeile gelöscht : user_pref("extensions.incredibar.tlbrid", "base");
Zeile gelöscht : user_pref("extensions.incredibar.tlbrsrchurl", "hxxp://mystart.Incredibar.com/?a=6OyXdDHZIX&loc=IB_TB&i=26&search=");
Zeile gelöscht : user_pref("extensions.incredibar.upn2", "6OyXdDHZIX");
Zeile gelöscht : user_pref("extensions.incredibar.upn2n", "92262623163825935");
Zeile gelöscht : user_pref("extensions.incredibar.vrsn", "1.5.11.14");
Zeile gelöscht : user_pref("extensions.incredibar.vrsnTs", "1.5.11.143:13:05");
Zeile gelöscht : user_pref("extensions.incredibar.vrsni", "1.5.11.14");
Zeile gelöscht : user_pref("extensions.incredibar.vrsnts", "1.5.11.143:13:05");
Zeile gelöscht : user_pref("extensions.incredibar.wnd", "{\"cloudcover\":\"100\",\"humidity\":\"100\",\"observation_time\":\"05:08 PM\",\"precipMM\":\"1.4\",\"pressure\":\"1022\",\"temp_C\":\"1\",\"temp_F\":\"35\",\"v[...]
Zeile gelöscht : user_pref("extensions.incredibar_i.aflt", "orgnl");
Zeile gelöscht : user_pref("extensions.incredibar_i.dfltLng", "");
Zeile gelöscht : user_pref("extensions.incredibar_i.did", "10674");
Zeile gelöscht : user_pref("extensions.incredibar_i.excTlbr", false);
Zeile gelöscht : user_pref("extensions.incredibar_i.id", "da46bf1700000000000040618616ae65");
Zeile gelöscht : user_pref("extensions.incredibar_i.installerproductid", "26");
Zeile gelöscht : user_pref("extensions.incredibar_i.instlDay", "15689");
Zeile gelöscht : user_pref("extensions.incredibar_i.instlRef", "");
Zeile gelöscht : user_pref("extensions.incredibar_i.ms_url_id", "");
Zeile gelöscht : user_pref("extensions.incredibar_i.newTab", false);
Zeile gelöscht : user_pref("extensions.incredibar_i.ppd", "");
Zeile gelöscht : user_pref("extensions.incredibar_i.prdct", "incredibar");
Zeile gelöscht : user_pref("extensions.incredibar_i.productid", "26");
Zeile gelöscht : user_pref("extensions.incredibar_i.prtnrId", "Incredibar");
Zeile gelöscht : user_pref("extensions.incredibar_i.smplGrp", "none");
Zeile gelöscht : user_pref("extensions.incredibar_i.tlbrId", "base");
Zeile gelöscht : user_pref("extensions.incredibar_i.tlbrSrchUrl", "hxxp://mystart.Incredibar.com/?a=6OyXdDHZIX&loc=IB_TB&i=26&search=");
Zeile gelöscht : user_pref("extensions.incredibar_i.upn2", "6OyXdDHZIX");
Zeile gelöscht : user_pref("extensions.incredibar_i.upn2n", "92262623163825935");
Zeile gelöscht : user_pref("extensions.incredibar_i.vrsn", "1.5.11.14");
Zeile gelöscht : user_pref("extensions.incredibar_i.vrsnTs", "1.5.11.143:13:05");
Zeile gelöscht : user_pref("extensions.incredibar_i.vrsni", "1.5.11.14");
Zeile gelöscht : user_pref("extensions.searchya.admin", false);
Zeile gelöscht : user_pref("extensions.searchya.aflt", "foxtab");
Zeile gelöscht : user_pref("extensions.searchya.cntry", "DE");
Zeile gelöscht : user_pref("extensions.searchya.dfltLng", "EN");
Zeile gelöscht : user_pref("extensions.searchya.dfltSrch", true);
Zeile gelöscht : user_pref("extensions.searchya.dfltlng", "EN");
Zeile gelöscht : user_pref("extensions.searchya.dfltsrch", true);
Zeile gelöscht : user_pref("extensions.searchya.excTlbr", false);
Zeile gelöscht : user_pref("extensions.searchya.hdrMd5", "9522086BFEC1516E2D41C3A38754B8CF");
Zeile gelöscht : user_pref("extensions.searchya.hmpg", true);
Zeile gelöscht : user_pref("extensions.searchya.hrdid", "0");
Zeile gelöscht : user_pref("extensions.searchya.id", "da46bf170000000000000022fb949bf8");
Zeile gelöscht : user_pref("extensions.searchya.instlDay", "15401");
Zeile gelöscht : user_pref("extensions.searchya.instlRef", "ft-102");
Zeile gelöscht : user_pref("extensions.searchya.instlday", "15401");
Zeile gelöscht : user_pref("extensions.searchya.instlref", "ft-102");
Zeile gelöscht : user_pref("extensions.searchya.isDcmntCmplt", true);
Zeile gelöscht : user_pref("extensions.searchya.keywordurl", "");
Zeile gelöscht : user_pref("extensions.searchya.lastVrsnTs", "1.5.13.013:18:28");
Zeile gelöscht : user_pref("extensions.searchya.mntrvrsn", "1.2.0");
Zeile gelöscht : user_pref("extensions.searchya.newTab", true);
Zeile gelöscht : user_pref("extensions.searchya.newTabUrl", "hxxp://searchya.com/?chnl=ft-102&s=2&cr=1723402304&cd=2XzutAtN2Y1L1QzuyEtDyCtCzzyCtCyC0A0EyCyDyC0B0FtCyBtN0D0TzutBtDtCtBtDtAtDtB");
Zeile gelöscht : user_pref("extensions.searchya.newtab", true);
Zeile gelöscht : user_pref("extensions.searchya.newtaburl", "hxxp://searchya.com/?chnl=ft-102&s=2&cr=1723402304&cd=2XzutAtN2Y1L1QzuyEtDyCtCzzyCtCyC0A0EyCyDyC0B0FtCyBtN0D0TzutBtDtCtBtDtAtDtB");
Zeile gelöscht : user_pref("extensions.searchya.noFFXTlbr", false);
Zeile gelöscht : user_pref("extensions.searchya.prdct", "searchya");
Zeile gelöscht : user_pref("extensions.searchya.propectorlck", 69262636);
Zeile gelöscht : user_pref("extensions.searchya.prtkHmpg", 1);
Zeile gelöscht : user_pref("extensions.searchya.prtnrId", "ironsrc");
Zeile gelöscht : user_pref("extensions.searchya.prtnrid", "ironsrc");
Zeile gelöscht : user_pref("extensions.searchya.sg", "none");
Zeile gelöscht : user_pref("extensions.searchya.smplGrp", "none");
Zeile gelöscht : user_pref("extensions.searchya.smplgrp", "none");
Zeile gelöscht : user_pref("extensions.searchya.srch", "");
Zeile gelöscht : user_pref("extensions.searchya.srchPrvdr", "SearchYa!");
Zeile gelöscht : user_pref("extensions.searchya.srchprvdr", "SearchYa!");
Zeile gelöscht : user_pref("extensions.searchya.tlbrId", "base");
Zeile gelöscht : user_pref("extensions.searchya.tlbrSrchUrl", "hxxp://searchya.com/?chnl=ft-102&s=3&cr=1723402304&cd=2XzutAtN2Y1L1QzuyEtDyCtCzzyCtCyC0A0EyCyDyC0B0FtCyBtN0D0TzutBtDtCtBtDtAtDtB&q=");
Zeile gelöscht : user_pref("extensions.searchya.tlbrid", "base");
Zeile gelöscht : user_pref("extensions.searchya.tlbrsrchurl", "hxxp://searchya.com/?chnl=ft-102&s=3&cr=1723402304&cd=2XzutAtN2Y1L1QzuyEtDyCtCzzyCtCyC0A0EyCyDyC0B0FtCyBtN0D0TzutBtDtCtBtDtAtDtB&q=");
Zeile gelöscht : user_pref("extensions.searchya.vrsn", "1.5.13.0");
Zeile gelöscht : user_pref("extensions.searchya.vrsnTs", "1.5.13.013:18:28");
Zeile gelöscht : user_pref("extensions.searchya.vrsni", "1.5.13.0");
Zeile gelöscht : user_pref("extensions.searchya.vrsnts", "1.5.13.013:18:28");
Zeile gelöscht : user_pref("extensions.searchya_i.aflt", "foxtab");
Zeile gelöscht : user_pref("extensions.searchya_i.dfltLng", "");
Zeile gelöscht : user_pref("extensions.searchya_i.dfltSrch", true);
Zeile gelöscht : user_pref("extensions.searchya_i.dnsErr", true);
Zeile gelöscht : user_pref("extensions.searchya_i.excTlbr", false);
Zeile gelöscht : user_pref("extensions.searchya_i.hmpg", true);
Zeile gelöscht : user_pref("extensions.searchya_i.hmpgUrl", "hxxp://searchya.com/?chnl=ft-102&s=0&cr=1723402304&cd=2XzutAtN2Y1L1QzuyEtDyCtCzzyCtCyC0A0EyCyDyC0B0FtCyBtN0D0TzutBtDtCtBtDtAtDtB");
Zeile gelöscht : user_pref("extensions.searchya_i.id", "da46bf170000000000000022fb949bf8");
Zeile gelöscht : user_pref("extensions.searchya_i.instlDay", "15401");
Zeile gelöscht : user_pref("extensions.searchya_i.instlRef", "ft-102");
Zeile gelöscht : user_pref("extensions.searchya_i.newTab", true);
Zeile gelöscht : user_pref("extensions.searchya_i.newTabUrl", "hxxp://searchya.com/?chnl=ft-102&s=2&cr=1723402304&cd=2XzutAtN2Y1L1QzuyEtDyCtCzzyCtCyC0A0EyCyDyC0B0FtCyBtN0D0TzutBtDtCtBtDtAtDtB");
Zeile gelöscht : user_pref("extensions.searchya_i.prdct", "searchya");
Zeile gelöscht : user_pref("extensions.searchya_i.prtnrId", "ironsrc");
Zeile gelöscht : user_pref("extensions.searchya_i.smplGrp", "none");
Zeile gelöscht : user_pref("extensions.searchya_i.srchPrvdr", "SearchYa!");
Zeile gelöscht : user_pref("extensions.searchya_i.tlbrId", "base");
Zeile gelöscht : user_pref("extensions.searchya_i.tlbrSrchUrl", "hxxp://searchya.com/?chnl=ft-102&s=3&cr=1723402304&cd=2XzutAtN2Y1L1QzuyEtDyCtCzzyCtCyC0A0EyCyDyC0B0FtCyBtN0D0TzutBtDtCtBtDtAtDtB&q=");
Zeile gelöscht : user_pref("extensions.searchya_i.vrsn", "1.5.13.0");
Zeile gelöscht : user_pref("extensions.searchya_i.vrsnTs", "1.5.13.013:18:28");
Zeile gelöscht : user_pref("extensions.searchya_i.vrsni", "1.5.13.0");
Zeile gelöscht : user_pref("keyword.URL", "hxxp://mystart.incredibar.com/mb128/?loc=IB_DS&a=6OyXdDHZIX&&i=26&search=");
Zeile gelöscht : user_pref("vshare.install.date", "1315665137");
Zeile gelöscht : user_pref("vshare.install.finished", "1.0.0");
Zeile gelöscht : user_pref("vshare.install.fresh", "false");
Zeile gelöscht : user_pref("vshare.install.guid", "{8fb50d23-7703-4bc6-b84a-0d2975ae12fa}");
Zeile gelöscht : user_pref("vshare.install.newtab", false);
Zeile gelöscht : user_pref("winamp_toolbar.buttons.layout", "shoutcast_30026;mobile/android_33522;post_to_twitter_33500;post_to_facebook_33511;post_to_AIM_33511;");
Zeile gelöscht : user_pref("winamp_toolbar.firsttime.showwindow", false);
Zeile gelöscht : user_pref("winamp_toolbar.guid", "{CFA21CB1-D229-4EDB-19B7-C47494E6B6EB}");
Zeile gelöscht : user_pref("winamp_toolbar.install.lastTbVersion", "5.6.19.1");
Zeile gelöscht : user_pref("winamp_toolbar.metrics.activestampdate", "12");
Zeile gelöscht : user_pref("winamp_toolbar.metrics.activestampmonth", "6");
Zeile gelöscht : user_pref("winamp_toolbar.metrics.activestampyear", "2012");
Zeile gelöscht : user_pref("winamp_toolbar.metrics.originalDate", "12");
Zeile gelöscht : user_pref("winamp_toolbar.metrics.originalHours", "21");
Zeile gelöscht : user_pref("winamp_toolbar.metrics.originalMinutes", "26");
Zeile gelöscht : user_pref("winamp_toolbar.metrics.originalMonth", "7");
Zeile gelöscht : user_pref("winamp_toolbar.metrics.originalSeconds", "4");
Zeile gelöscht : user_pref("winamp_toolbar.metrics.originalYear", "2012");
Zeile gelöscht : user_pref("winamp_toolbar.remote.publish.xml", "1342128365385");
Zeile gelöscht : user_pref("winamp_toolbar.search.cid", "12-07-2012");
Zeile gelöscht : user_pref("winamp_toolbar.search.instd", "20120327122805980");
Zeile gelöscht : user_pref("winamp_toolbar.search.oid", "12-07-2012");
Zeile gelöscht : user_pref("winamp_toolbar.search.populateoncomplete", true);
Zeile gelöscht : user_pref("winamp_toolbar.search.searchtype", "web");
Zeile gelöscht : user_pref("winamp_toolbar.search.source", "tb50-ff-winamp");
Zeile gelöscht : user_pref("winamp_toolbar.skin.custom", true);
Zeile gelöscht : user_pref("winamp_toolbar.upgrade.showwindow", false);
Zeile gelöscht : user_pref("winamp_toolbar.winamp.artist", "");
Zeile gelöscht : user_pref("winamp_toolbar.winamp.button.focus", true);
Zeile gelöscht : user_pref("winamp_toolbar.winamp.button.forward", true);
Zeile gelöscht : user_pref("winamp_toolbar.winamp.button.open", true);
Zeile gelöscht : user_pref("winamp_toolbar.winamp.button.pause", true);
Zeile gelöscht : user_pref("winamp_toolbar.winamp.button.play", true);
Zeile gelöscht : user_pref("winamp_toolbar.winamp.button.rewind", true);
Zeile gelöscht : user_pref("winamp_toolbar.winamp.button.stop", true);
Zeile gelöscht : user_pref("winamp_toolbar.winamp.button.volume", true);
Zeile gelöscht : user_pref("winamp_toolbar.winamp.ticker.show", true);
Zeile gelöscht : user_pref("winamp_toolbar.winamp.title", "-999999");

*************************

AdwCleaner[R0].txt - [45464 octets] - [02/07/2014 14:54:31]
AdwCleaner[S0].txt - [39468 octets] - [02/07/2014 14:55:05]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [39529 octets] ##########

deeprybka · 02.07.2014, 14:19

Hallo,
Dein Vorgehen ist absolut lobenswert! Wenn was unklar ist einfach fragen.

Nun, das ist Dein PC und Deine Software. Wenn Du diese Programme nicht benötigst, dann kannst Du sie sicher deinstallieren.

Ach der Avira...

Schau nur, dass der bei Schritt 3 aus ist.

Joe04 · 02.07.2014, 15:36

Hallo nochmals,

habe nun auch combofix durchlaufen lassen (hat ewig gedauert) und habe soweit noch nichts zu beanstanden. Naja jetzt fällt mir auf, dass z.B. AntiVir nicht mehr im autostart ist.

Egal, soweit läuft alles!

Hier die hoffentlich letzte Log?

Code:

ATTFilter

ComboFix 14-06-30.01 - Joe 02.07.2014  15:49:40.1.8 - x64
Microsoft Windows 7 Professional   6.1.7601.1.1252.49.1031.18.4078.2670 [GMT 2:00]
ausgeführt von:: c:\users\Joe\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {4D041356-F94D-285F-8768-AAE50FA36859}
SP: Avira Desktop *Disabled/Updated* {F665F2B2-DF77-27D1-BDD8-9197742422E4}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\programdata\3595663.pad
c:\programdata\3wfltz8.dss
c:\programdata\Roaming
c:\users\Joe\AppData\Local\Google\Desktop\Install
c:\users\Joe\AppData\Local\Google\Desktop\Install\{d41ae97b-10e3-c648-1caf-041ba960838a}\???\???\???\{d41ae97b-10e3-c648-1caf-041ba960838a}\@
c:\users\Joe\AppData\Local\Google\Desktop\Install\{d41ae97b-10e3-c648-1caf-041ba960838a}\???\???\???\{d41ae97b-10e3-c648-1caf-041ba960838a}\L\00000004.@
c:\users\Joe\AppData\Local\Google\Desktop\Install\{d41ae97b-10e3-c648-1caf-041ba960838a}\???\???\???\{d41ae97b-10e3-c648-1caf-041ba960838a}\L\76603ac3
c:\users\Joe\AppData\Local\Google\Desktop\Install\{d41ae97b-10e3-c648-1caf-041ba960838a}\???\???\???\{d41ae97b-10e3-c648-1caf-041ba960838a}\U\00000004.@
c:\users\Joe\AppData\Local\Google\Desktop\Install\{d41ae97b-10e3-c648-1caf-041ba960838a}\???\???\???\{d41ae97b-10e3-c648-1caf-041ba960838a}\U\00000008.@
c:\users\Joe\AppData\Local\Google\Desktop\Install\{d41ae97b-10e3-c648-1caf-041ba960838a}\???\???\???\{d41ae97b-10e3-c648-1caf-041ba960838a}\U\000000cb.@
c:\users\Joe\AppData\Local\Google\Desktop\Install\{d41ae97b-10e3-c648-1caf-041ba960838a}\???\???\???\{d41ae97b-10e3-c648-1caf-041ba960838a}\U\80000000.@
c:\users\Joe\AppData\Local\Google\Desktop\Install\{d41ae97b-10e3-c648-1caf-041ba960838a}\???\???\???\{d41ae97b-10e3-c648-1caf-041ba960838a}\U\80000032.@
c:\users\Joe\AppData\Local\Google\Desktop\Install\{d41ae97b-10e3-c648-1caf-041ba960838a}\???\???\???\{d41ae97b-10e3-c648-1caf-041ba960838a}\U\80000064.@
c:\users\Joe\AppData\Local\Google\Desktop\Install\{d41ae97b-10e3-c648-1caf-041ba960838a}\2E2F~1\28F0~1\E628~1\{d41ae97b-10e3-c648-1caf-041ba960838a}\@
c:\users\Joe\AppData\Local\Google\Desktop\Install\{d41ae97b-10e3-c648-1caf-041ba960838a}\2E2F~1\28F0~1\E628~1\{d41ae97b-10e3-c648-1caf-041ba960838a}\L\00000004.@
c:\users\Joe\AppData\Local\Google\Desktop\Install\{d41ae97b-10e3-c648-1caf-041ba960838a}\2E2F~1\28F0~1\E628~1\{d41ae97b-10e3-c648-1caf-041ba960838a}\L\76603ac3
c:\users\Joe\AppData\Local\Google\Desktop\Install\{d41ae97b-10e3-c648-1caf-041ba960838a}\2E2F~1\28F0~1\E628~1\{d41ae97b-10e3-c648-1caf-041ba960838a}\U\00000004.@
c:\users\Joe\AppData\Local\Google\Desktop\Install\{d41ae97b-10e3-c648-1caf-041ba960838a}\2E2F~1\28F0~1\E628~1\{d41ae97b-10e3-c648-1caf-041ba960838a}\U\00000008.@
c:\users\Joe\AppData\Local\Google\Desktop\Install\{d41ae97b-10e3-c648-1caf-041ba960838a}\2E2F~1\28F0~1\E628~1\{d41ae97b-10e3-c648-1caf-041ba960838a}\U\000000cb.@
c:\users\Joe\AppData\Local\Google\Desktop\Install\{d41ae97b-10e3-c648-1caf-041ba960838a}\2E2F~1\28F0~1\E628~1\{d41ae97b-10e3-c648-1caf-041ba960838a}\U\80000000.@
c:\users\Joe\AppData\Local\Google\Desktop\Install\{d41ae97b-10e3-c648-1caf-041ba960838a}\2E2F~1\28F0~1\E628~1\{d41ae97b-10e3-c648-1caf-041ba960838a}\U\80000032.@
c:\users\Joe\AppData\Local\Google\Desktop\Install\{d41ae97b-10e3-c648-1caf-041ba960838a}\2E2F~1\28F0~1\E628~1\{d41ae97b-10e3-c648-1caf-041ba960838a}\U\80000064.@
c:\users\Joe\AppData\Local\Microsoft\Windows\Temporary Internet Files\{0E5FF94C-1B2E-4E4B-8767-963F1DB229FD}.xps
c:\users\Joe\AppData\Local\nsxFA0B.tmp
c:\users\Joe\AppData\Roaming\13001.019
c:\users\Joe\AppData\Roaming\13001.019\chrome.manifest
c:\users\Joe\AppData\Roaming\13001.019\components\AcroFF.txt
c:\users\Joe\AppData\Roaming\13001.019\install.rdf
c:\users\Joe\AppData\Roaming\13001.020
c:\users\Joe\AppData\Roaming\13001.020\chrome.manifest
c:\users\Joe\AppData\Roaming\13001.020\components\AcroFF.txt
c:\users\Joe\AppData\Roaming\13001.020\install.rdf
c:\users\Joe\AppData\Roaming\13001.021
c:\users\Joe\AppData\Roaming\13001.021\chrome.manifest
c:\users\Joe\AppData\Roaming\13001.021\components\AcroFF.txt
c:\users\Joe\AppData\Roaming\13001.021\install.rdf
c:\users\Joe\AppData\Roaming\13001.022
c:\users\Joe\AppData\Roaming\13001.022\chrome.manifest
c:\users\Joe\AppData\Roaming\13001.022\components\AcroFF.txt
c:\users\Joe\AppData\Roaming\13001.022\install.rdf
c:\users\Joe\AppData\Roaming\13001.023
c:\users\Joe\AppData\Roaming\13001.023\chrome.manifest
c:\users\Joe\AppData\Roaming\13001.023\components\AcroFF.txt
c:\users\Joe\AppData\Roaming\13001.023\install.rdf
c:\users\Joe\AppData\Roaming\13001.024
c:\users\Joe\AppData\Roaming\13001.024\chrome.manifest
c:\users\Joe\AppData\Roaming\13001.024\components\AcroFF.txt
c:\users\Joe\AppData\Roaming\13001.024\install.rdf
c:\users\Joe\AppData\Roaming\13001.025
c:\users\Joe\AppData\Roaming\13001.025\chrome.manifest
c:\users\Joe\AppData\Roaming\13001.025\components\AcroFF.txt
c:\users\Joe\AppData\Roaming\13001.025\install.rdf
c:\users\Joe\AppData\Roaming\13001.026
c:\users\Joe\AppData\Roaming\13001.026\chrome.manifest
c:\users\Joe\AppData\Roaming\13001.026\components\AcroFF.txt
c:\users\Joe\AppData\Roaming\13001.026\install.rdf
c:\users\Joe\AppData\Roaming\13001.028
c:\users\Joe\AppData\Roaming\13001.028\chrome.manifest
c:\users\Joe\AppData\Roaming\13001.028\components\AcroFF.txt
c:\users\Joe\AppData\Roaming\13001.028\install.rdf
c:\users\Joe\AppData\Roaming\AcroIEHelpe.txt
c:\users\Joe\AppData\Roaming\cache.dat
c:\users\Joe\AppData\Roaming\srvblck5.tmp
c:\windows\SysWow64\tmpECE3.tmp
c:\windows\SysWow64\tmpECE4.tmp
.
.
(((((((((((((((((((((((((((((((((((((((   Treiber/Dienste   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_NPF
.
.
(((((((((((((((((((((((   Dateien erstellt von 2014-06-02 bis 2014-07-02  ))))))))))))))))))))))))))))))
.
.
2014-07-02 14:01 . 2014-07-02 14:01	--------	d-----w-	c:\users\UpdatusUser\AppData\Local\temp
2014-07-02 14:01 . 2014-07-02 14:01	--------	d-----w-	c:\users\Default\AppData\Local\temp
2014-07-02 12:57 . 2014-07-02 13:34	--------	d-----w-	c:\program files\SupraSavings
2014-07-02 12:54 . 2014-07-02 12:55	--------	d-----w-	C:\AdwCleaner
2014-07-02 12:22 . 2011-12-14 01:29	476904	----a-w-	c:\program files (x86)\Mozilla Firefox\Plugins\npdeployJava1.dll
2014-07-02 06:59 . 2014-07-02 07:01	--------	d-----w-	C:\FRST
2014-07-02 06:34 . 2014-07-02 11:25	--------	d-----w-	c:\program files (x86)\Weather It Up
2014-07-01 20:43 . 2014-07-01 20:43	--------	d-----w-	c:\program files (x86)\CB78F643-3729-434F-8C25-F28D15F025F3
2014-07-01 14:22 . 2014-07-01 14:22	--------	d-----w-	c:\users\Joe\AppData\Local\com
2014-07-01 14:19 . 2014-07-02 11:25	--------	d-----w-	c:\program files (x86)\HQube-V1.6
2014-06-30 13:19 . 2014-06-30 13:19	--------	d--h--w-	c:\windows\system32\WLANProfiles
2014-06-30 13:19 . 2014-06-30 13:19	--------	d-----w-	c:\users\Joe\AppData\Roaming\Intel
2014-06-30 13:19 . 2014-06-30 13:19	--------	d-----w-	c:\users\UpdatusUser\Roaming
2014-06-30 13:19 . 2014-06-30 13:19	--------	d-----w-	c:\users\Public\Roaming
2014-06-30 13:19 . 2014-06-30 13:19	--------	d-----w-	c:\users\Joe\Roaming
2014-06-30 13:19 . 2014-06-30 13:19	--------	d-----w-	c:\users\Default\Roaming
2014-06-30 13:19 . 2014-06-30 13:19	--------	d-----w-	c:\users\AppData\Roaming
2014-06-30 13:18 . 2014-06-30 13:18	--------	d-----w-	c:\programdata\Intel
2014-06-30 13:18 . 2014-06-30 13:18	--------	d-----w-	c:\program files\Common Files\Intel
2014-06-30 13:18 . 2014-06-30 13:18	--------	d-----w-	c:\program files (x86)\Intel
2014-06-30 13:18 . 2014-06-30 13:18	--------	d-----w-	c:\program files (x86)\Cisco
2014-06-30 13:17 . 2014-06-30 13:18	--------	d-----w-	c:\program files\Intel
2014-06-30 13:17 . 2014-06-30 13:17	--------	d-----w-	c:\programdata\Package Cache
2014-06-24 20:01 . 2011-03-31 08:07	302080	----a-w-	c:\windows\system32\CNC_ATC.dll
2014-06-24 20:01 . 2011-03-31 08:06	112128	----a-w-	c:\windows\system32\CNC_ATI.dll
2014-06-24 20:01 . 2011-03-30 10:55	373248	----a-w-	c:\windows\system32\CNC_ATL.dll
2014-06-24 20:01 . 2008-08-25 16:02	17920	----a-w-	c:\windows\system32\CNHMCA6.dll
2014-06-24 20:01 . 2012-03-14 03:00	385024	----a-w-	c:\windows\system32\CNMLMAT.DLL
2014-06-23 16:28 . 2014-06-23 16:28	--------	d-----w-	c:\programdata\Gibraltar
2014-06-23 16:25 . 2014-06-23 16:25	--------	d-----w-	c:\users\Joe\AppData\Local\Swiss Academic Software
2014-06-23 16:24 . 2014-06-23 16:28	--------	d-----w-	c:\users\Joe\AppData\Roaming\Swiss Academic Software
2014-06-23 16:21 . 2014-02-07 10:58	708992	----a-w-	c:\program files (x86)\Internet Explorer\Citavi Picker\x64\SwissAcademic.Citavi.IEPicker.dll
2014-06-23 16:21 . 2014-01-28 05:47	126976	----a-w-	c:\program files (x86)\Internet Explorer\Citavi Picker\x64\Interop.SHDocVw.dll
2014-06-23 16:21 . 2012-07-26 17:08	8022976	----a-w-	c:\program files (x86)\Internet Explorer\Citavi Picker\x64\Microsoft.mshtml.dll
2014-06-23 16:21 . 2014-02-07 10:58	103752	----a-w-	c:\program files (x86)\Internet Explorer\Citavi Picker\x64\IEPickerBroker.exe
2014-06-23 16:21 . 2013-05-23 04:17	95232	----a-w-	c:\program files (x86)\Internet Explorer\Citavi Picker\x64\CitaviInternetExplorerPickerHelper.exe
2014-06-23 16:21 . 2014-06-23 16:22	--------	d-----w-	c:\programdata\Swiss Academic Software
2014-06-23 16:21 . 2014-02-07 10:58	708992	----a-w-	c:\program files (x86)\Internet Explorer\Citavi Picker\SwissAcademic.Citavi.IEPicker.dll
2014-06-23 16:21 . 2014-02-07 10:58	103752	----a-w-	c:\program files (x86)\Internet Explorer\Citavi Picker\IEPickerBroker.exe
2014-06-23 16:21 . 2014-01-28 05:47	126976	----a-w-	c:\program files (x86)\Internet Explorer\Citavi Picker\Interop.SHDocVw.dll
2014-06-23 16:21 . 2013-05-23 04:17	95232	----a-w-	c:\program files (x86)\Internet Explorer\Citavi Picker\CitaviInternetExplorerPickerHelper.exe
2014-06-23 16:21 . 2012-07-26 17:08	8022976	----a-w-	c:\program files (x86)\Internet Explorer\Citavi Picker\Microsoft.mshtml.dll
2014-06-23 16:20 . 2014-06-23 16:21	--------	d-----w-	c:\program files (x86)\Citavi 4
2014-06-12 19:05 . 2014-06-12 19:05	46376	----a-w-	c:\windows\system32\drivers\netfilter64.sys
2014-06-11 17:25 . 2014-06-08 09:13	506368	----a-w-	c:\windows\system32\aepdu.dll
2014-06-11 17:25 . 2014-06-08 09:08	424448	----a-w-	c:\windows\system32\aeinv.dll
2014-06-03 12:53 . 2014-06-03 12:53	--------	d-----w-	c:\users\Joe\AppData\Local\Adobe
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-07-01 12:33 . 2013-08-07 22:27	117712	----a-w-	c:\windows\system32\drivers\avgntflt.sys
2014-06-17 09:10 . 2014-01-07 22:33	588496	----a-w-	c:\programdata\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe
2014-06-11 22:00 . 2012-01-06 23:54	95414520	----a-w-	c:\windows\system32\MRT.exe
2014-06-03 21:01 . 2013-08-07 22:27	130584	----a-w-	c:\windows\system32\drivers\avipbb.sys
2014-06-02 21:42 . 2012-06-23 15:44	692400	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2014-06-02 21:42 . 2011-07-15 17:14	70832	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-04-20 23:15 . 2011-12-08 19:49	214520	----a-w-	c:\windows\SysWow64\PnkBstrB.xtr
2014-04-20 23:15 . 2011-10-28 21:00	75064	----a-w-	c:\windows\SysWow64\PnkBstrA.exe
2014-04-20 23:14 . 2011-10-28 21:00	214520	----a-w-	c:\windows\SysWow64\PnkBstrB.exe
2014-04-18 21:45 . 2011-10-28 21:00	2337865	----a-w-	c:\windows\SysWow64\pbsvc.exe
2014-04-12 02:22 . 2014-05-14 09:59	95680	----a-w-	c:\windows\system32\drivers\ksecdd.sys
2014-04-12 02:22 . 2014-05-14 09:59	155072	----a-w-	c:\windows\system32\drivers\ksecpkg.sys
2014-04-12 02:19 . 2014-05-14 09:59	29184	----a-w-	c:\windows\system32\sspisrv.dll
2014-04-12 02:19 . 2014-05-14 09:59	136192	----a-w-	c:\windows\system32\sspicli.dll
2014-04-12 02:19 . 2014-05-14 09:59	28160	----a-w-	c:\windows\system32\secur32.dll
2014-04-12 02:19 . 2014-05-14 09:59	1460736	----a-w-	c:\windows\system32\lsasrv.dll
2014-04-12 02:19 . 2014-05-14 09:59	31232	----a-w-	c:\windows\system32\lsass.exe
2014-04-12 02:12 . 2014-05-14 09:59	22016	----a-w-	c:\windows\SysWow64\secur32.dll
2014-04-12 02:10 . 2014-05-14 09:59	96768	----a-w-	c:\windows\SysWow64\sspicli.dll
2006-05-03 10:06	163328	--sha-r-	c:\windows\SysWOW64\flvDX.dll
2007-02-21 11:47	31232	--sha-r-	c:\windows\SysWOW64\msfDX.dll
2008-03-16 13:30	216064	--sha-r-	c:\windows\SysWOW64\nbDX.dll
2010-01-06 23:00	107520	--sha-r-	c:\windows\SysWOW64\TAKDSDecoder.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2014-06-17 09:15	1730264	----a-w-	c:\program files\Microsoft Office 15\root\office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2014-06-17 09:15	1730264	----a-w-	c:\program files\Microsoft Office 15\root\office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2014-06-17 09:15	1730264	----a-w-	c:\program files\Microsoft Office 15\root\office15\GROOVEEX.DLL
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SansaDispatch"="c:\users\Joe\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe" [2014-03-14 613888]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2014-07-01 750160]
"PWRISOVM.EXE"="c:\program files (x86)\PowerISO\PWRISOVM.EXE" [2012-12-09 336992]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer4"=wdmaud.drv
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R2 VmbService;Vodafone-Mobile-Broadband-Dienst;c:\program files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe;c:\program files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe [x]
R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys;c:\windows\SYSNATIVE\DRIVERS\ew_hwusbdev.sys [x]
R3 ew_usbenumfilter;huawei_CompositeFilter;c:\windows\system32\DRIVERS\ew_usbenumfilter.sys;c:\windows\SYSNATIVE\DRIVERS\ew_usbenumfilter.sys [x]
R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys;c:\windows\SYSNATIVE\DRIVERS\ewusbnet.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [x]
R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series - Adaptertreiber für Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys;c:\windows\SYSNATIVE\DRIVERS\netw5v64.sys [x]
R3 RTL8167;Realtek 8167 NT-Treiber;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R4 AntiVirWebService;Avira Web Protection;c:\program files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE;c:\program files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys;c:\windows\SYSNATIVE\DRIVERS\avkmgr.sys [x]
S1 netfilter64;netfilter64;c:\windows\system32\drivers\netfilter64.sys;c:\windows\SYSNATIVE\drivers\netfilter64.sys [x]
S2 AntiVirSchedulerService;Avira Scheduler;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [x]
S2 ClickToRunSvc;Microsoft Office-Klick-und-Los-Dienst;c:\program files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe;c:\program files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [x]
S2 SupraSavingsService64;SupraSavingsService64;c:\program files (x86)\CB78F643-3729-434F-8C25-F28D15F025F3\SupraSavingsService64.exe;c:\program files (x86)\CB78F643-3729-434F-8C25-F28D15F025F3\SupraSavingsService64.exe [x]
S2 SwiCardDetectSvc;Sierra Wireless Card Detection Service;c:\program files (x86)\Sierra Wireless Inc\Common\SwiCardDetect64.exe;c:\program files (x86)\Sierra Wireless Inc\Common\SwiCardDetect64.exe [x]
S2 ZeroConfigService;Intel(R) PROSet/Wireless Zero Configuration Service;c:\program files\Intel\WiFi\bin\ZeroConfigService.exe;c:\program files\Intel\WiFi\bin\ZeroConfigService.exe [x]
S3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys;c:\windows\SYSNATIVE\DRIVERS\ew_jubusenum.sys [x]
S3 vodafone_K3805-z_dc_enum;vodafone_K3805-z_dc_enum;c:\windows\system32\DRIVERS\vodafone_K3805-z_dc_enum.sys;c:\windows\SYSNATIVE\DRIVERS\vodafone_K3805-z_dc_enum.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
Inhalt des "geplante Tasks" Ordners
.
2014-07-02 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-23 21:42]
.
2014-07-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-15 14:04]
.
2014-07-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-15 14:04]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2014-06-17 09:15	2335960	----a-w-	c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2014-06-17 09:15	2335960	----a-w-	c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2014-06-17 09:15	2335960	----a-w-	c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Logitech Download Assistant"="c:\windows\System32\LogiLDA.dll" [2012-09-20 1832760]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com
mDefault_Search_URL = hxxp://www.google.com
mDefault_Page_URL = hxxp://www.google.com
mStart Page = hxxp://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
mSearch Page = hxxp://www.google.com
IE: &Citavi Picker... - file://c:\program files (x86)\Internet Explorer\Citavi Picker\ShowContextMenu.html
IE: E&xport to Microsoft Excel - c:\program files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000
IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~4\Office12\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\program files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105
Trusted Zone: sharepoint.com\fhmuenster183
Trusted Zone: sharepoint.com\fhmuenster183-my
TCP: DhcpNameServer = 192.168.178.1
TCP: Interfaces\{2EDCA1BE-6DA2-4813-BAD2-BB8E3AA6EE10}: NameServer = 139.7.30.125 139.7.30.126
TCP: Interfaces\{AF2A3D51-91A7-4FCA-AED4-CF72E6F4B1D9}: NameServer = 139.7.30.126 139.7.30.125
TCP: Interfaces\{B5127C26-120D-45E9-9400-A2380AAA4DC5}: NameServer = 139.7.30.126 139.7.30.125
FF - ProfilePath - c:\users\Joe\AppData\Roaming\Mozilla\Firefox\Profiles\iu55mij3.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - ExtSQL: 2014-05-13 11:23; adblockpopups@jessehakanen.net; c:\users\Joe\AppData\Roaming\Mozilla\Firefox\Profiles\iu55mij3.default\extensions\adblockpopups@jessehakanen.net.xpi
FF - ExtSQL: 2014-05-16 01:00; boost@boost.net; c:\users\Joe\AppData\Roaming\Mozilla\Firefox\Profiles\iu55mij3.default\extensions\boost@boost.net.xpi
FF - ExtSQL: 2014-06-23 18:21; {8AA36F4F-6DC7-4c06-77AF-5035170634FE}; c:\programdata\Swiss Academic Software\Citavi Picker\Firefox
FF - ExtSQL: 2014-07-02 08:36; donottrackplus@abine.com; c:\users\Joe\AppData\Roaming\Mozilla\Firefox\Profiles\iu55mij3.default\extensions\donottrackplus@abine.com
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Wow6432Node-HKLM-Run-AnyProtect Scanner - c:\program files (x86)\AnyProtectEx\AnyProtect.exe
Wow6432Node-HKLM-Run-AnyProtect Tray - c:\program files (x86)\AnyProtectEx\AnyProtectTrayIcon.exe
Wow6432Node-HKLM-Run-fst_de_77 - (no file)
Wow6432Node-HKLM-Run-t4pc_en_8 - (no file)
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-2168211459-3127497666-3910615475-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:20,64,83,72,3e,d5,54,b9,a5,eb,bb,84,27,05,c7,57,16,ed,35,89,ad,c9,27,
   39,03,64,20,53,b6,e2,02,c7,e2,cb,14,6a,f2,e0,75,76,66,78,d3,55,ec,49,8b,d9,\
"??"=hex:6c,47,7c,fb,d4,3c,5e,57,fd,4b,ce,73,a8,87,a4,93
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_13_0_0_214_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_13_0_0_214_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_13_0_0_214_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_13_0_0_214_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_214.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.13"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_214.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_214.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_214.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\windows\SysWOW64\PnkBstrB.exe
c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
c:\program files\Microsoft Office 15\Root\Office15\MsoSync.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2014-07-02  16:16:41 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2014-07-02 14:16
.
Vor Suchlauf: 10 Verzeichnis(se), 41.635.729.408 Bytes frei
Nach Suchlauf: 16 Verzeichnis(se), 41.526.534.144 Bytes frei
.
- - End Of File - - D62DF73205A64ECFC93E445B4D26C8C9
A36C5E4F47E84449FF07ED3517B43A31

deeprybka · 02.07.2014, 15:40

Zitat:

Zitat von Joe04

Hier die hoffentlich letzte Log?

Nee, nee sind noch nicht fertig....

Schritt 1

Malwarebytes Antimalware

Download-Link
Installiere das Programm in den vorgegebenen Pfad.
Starte Malwarebytes' Anti-Malware (MBAM).
Sollte die Benutzeroberfläche noch in Englisch sein, klicke auf Settings und wähle bei Language Deutsch aus.
Unter Erkennung und Schutz setze bitte einen Haken bei "Suche nach Rootkits".
Klicke im Anschluss auf "Suchlauf", wähle den Bedrohungssuchlauf aus, aktualisiere die Datenbanken und klicke auf "Suchlauf jetzt starten".
Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. (geht so...)
Poste mir den Inhalt der Logdatei (geht so...). Klicke dazu auf Verlauf und dann auf Anwendungsprotokolle.
Wähle das neueste Suchlauf-Protokoll aus und klicke auf Ansicht. Klicke auf "In Zwischenablage kopieren" poste mir den Inhalt in Code-Tags als Antwort in den Thread.

Schritt 2

Bitte starte FRST erneut, und drücke auf Scan.
Bitte poste mir den Inhalt des Logs.

Joe04 · 02.07.2014, 16:41

Anti-Malware Log: (Ich hoffedass es das richtige ist. ???)

Code:

ATTFilter

 Malwarebytes Anti-Malware 
www.malwarebytes.org

Suchlauf Datum: 02.07.2014
Suchlauf-Zeit: 17:01:03
Logdatei: ANTI-Malware2.txt
Administrator: Ja

Version: 2.00.2.1012
Malware Datenbank: v2014.07.02.04
Rootkit Datenbank: v2014.07.01.01
Lizenz: Testversion
Malware Schutz: Aktiviert
Bösartiger Webseiten Schutz: Aktiviert
Self-protection: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: Joe

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 331346
Verstrichene Zeit: 25 Min, 13 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Aktiviert
Heuristics: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 1
PUP.Optional.SupraSavings.A, C:\Program Files (x86)\CB78F643-3729-434F-8C25-F28D15F025F3\SupraSavingsService64.exe, 2240, Löschen bei Neustart, [bd9a27730d6e211524733fcc7292ec14]

Module: 0
(No malicious items detected)

Registrierungsschlüssel: 16
PUP.Optional.SearchYah.A, HKU\S-1-5-21-2168211459-3127497666-3910615475-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{25927741-5E5B-4D27-8D8B-9188FE64373F}, Löschen bei Neustart, [47106d2dabd0d264de18e16b8082659b], 
PUP.Optional.VShareRedir, HKU\S-1-5-21-2168211459-3127497666-3910615475-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD}, Löschen bei Neustart, [2b2ce8b29be04de90749d091a65c1ee2], 
Trojan.Banker, HKU\S-1-5-21-2168211459-3127497666-3910615475-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{DD31495E-290C-41CF-8C66-7415383F82DE}, Löschen bei Neustart, [87d05b3fb5c605310cb32832ae545ba5], 
PUP.Optional.HDPlus.A, HKLM\SOFTWARE\WOW6432NODE\HQube-V1.6, In Quarantäne, [183fabef9eddfb3bbe618729ca38ce32], 
PUP.Optional.WPM.A, HKLM\SOFTWARE\WOW6432NODE\supWindowsMangerProtect, In Quarantäne, [ba9d6931e29993a3e4fd15f6a0648779], 
PUP.Optional.WeatherItUp.A, HKLM\SOFTWARE\WOW6432NODE\Weather It Up, In Quarantäne, [5601afeb6417a98d9e9dac2246bc8878], 
PUP.Optional.SupraSavings.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\SupraSavingsService64, In Quarantäne, [bd9a27730d6e211524733fcc7292ec14], 
PUP.Optional.HDPlus.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\HQube-V1.6, Löschen bei Neustart, [9eb99bffa1da87af9c85a60a857d9967], 
PUP.Optional.ReMarkable.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\Re_Markable, Löschen bei Neustart, [25321d7d621983b32e09e5e35ba7b14f], 
PUP.Optional.SupraSavings.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\Supra Savings, Löschen bei Neustart, [be99c9d135466fc7b78debdb04fef50b], 
PUP.Optional.MediaPlayer.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\video MediaPlay-Air, Löschen bei Neustart, [193e69313c3fea4c915861aa7e8644bc], 
PUP.Optional.HDPlus.A, HKU\S-1-5-21-2168211459-3127497666-3910615475-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\HQube-V1.6, Löschen bei Neustart, [97c0e5b57308a6905cc5783853af8878], 
PUP.Optional.WeatherItUp.A, HKU\S-1-5-21-2168211459-3127497666-3910615475-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\Weather It Up, Löschen bei Neustart, [3d1acbcfd5a695a1af8aede1a85a0af6], 
PUP.Optional.WeatherItUp.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\Weather It Up, In Quarantäne, [e374b0ea1467a29475a8e4b7b64c9e62], 
PUP.Optional.HDPlus.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\HQube-V1.6, In Quarantäne, [67f095054e2d78bede77416ee12128d8], 
PUP.Optional.Complitly.A, HKU\S-1-5-21-2168211459-3127497666-3910615475-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{0FB6A909-6086-458F-BD92-1F8EE10042A0}, Löschen bei Neustart, [76e1574387f43ef8bc968d08ba4ab34d], 

Registrierungswerte: 1
PUP.Optional.FastStart.A, HKU\S-1-5-21-2168211459-3127497666-3910615475-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MOZILLA\EXTENDS|appid, faststartff@gmail.com, Löschen bei Neustart, [0e499307f08b3ef82b4a555b0bf740c0]

Registrierungsdaten: 1
PUP.Optional.Qone8, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES|DefaultScope, {33BB0A4E-99AF-4226-BDF6-49120163DE86}, Gut: ({0633EE93-D776-472f-A0FF-E1416B8B2E3A}), Schlecht: ({33BB0A4E-99AF-4226-BDF6-49120163DE86}),Ersetzt,[d780079317643afccf7b801010f4e31d]

Ordner: 11
PUP.Optional.WeatherItUp.A, C:\Program Files (x86)\Weather It Up, In Quarantäne, [e374b0ea1467a29475a8e4b7b64c9e62], 
PUP.Optional.SupraSavings.A, C:\Program Files\SupraSavings, In Quarantäne, [c196b2e884f75ed84a127c22ef138977], 
PUP.Optional.SupraSavings.A, C:\Program Files\SupraSavings\SSL, In Quarantäne, [c196b2e884f75ed84a127c22ef138977], 
PUP.Optional.HDPlus.A, C:\Program Files (x86)\HQube-V1.6, In Quarantäne, [67f095054e2d78bede77416ee12128d8], 
Trojan.0Access, c:\program files (x86)\google\desktop\install\{d41ae97b-10e3-c648-1caf-041ba960838a}\   , Löschen bei Neustart, [d087abefc9b290a6eb5808fa8d739d63], 
Trojan.0Access, c:\program files (x86)\google\desktop\install\{d41ae97b-10e3-c648-1caf-041ba960838a}\   \..., In Quarantäne, [d087abefc9b290a6eb5808fa8d739d63], 
Trojan.0Access, c:\program files (x86)\google\desktop\install\{d41ae97b-10e3-c648-1caf-041ba960838a}\   \...\â?®ï¯¹à¹?, In Quarantäne, [d087abefc9b290a6eb5808fa8d739d63], 
Trojan.0Access, c:\program files (x86)\google\desktop\install\{d41ae97b-10e3-c648-1caf-041ba960838a}\   \...\â?®ï¯¹à¹?\{d41ae97b-10e3-c648-1caf-041ba960838a}, In Quarantäne, [d087abefc9b290a6eb5808fa8d739d63], 
Trojan.0Access, c:\program files (x86)\google\desktop\install\{d41ae97b-10e3-c648-1caf-041ba960838a}\   \...\â?®ï¯¹à¹?\{d41ae97b-10e3-c648-1caf-041ba960838a}\l, In Quarantäne, [d087abefc9b290a6eb5808fa8d739d63], 
Trojan.0Access, c:\program files (x86)\google\desktop\install\{d41ae97b-10e3-c648-1caf-041ba960838a}\   \...\â?®ï¯¹à¹?\{d41ae97b-10e3-c648-1caf-041ba960838a}\u, In Quarantäne, [d087abefc9b290a6eb5808fa8d739d63], 
Trojan.0Access, C:\Program Files (x86)\Google\Desktop\Install\{d41ae97b-10e3-c648-1caf-041ba960838a}, In Quarantäne, [3e19debccfac3bfbb68e0cf634cc9070], 

Dateien: 48
Trojan.FakeMS.ED, C:\ProgramData\8ztlfw3.pss, In Quarantäne, [3c1b702a5328b87e78a096826d94d729], 
PUP.Optional.OpenCandy, C:\Users\Joe\AppData\Roaming\PowerISO\Upgrade\PowerISO5.exe, In Quarantäne, [7bdc73279be07abcc3f000b4699b29d7], 
Trojan.KillAV, C:\Users\Joe\Downloads\SciLorsGrooveshark.comDownloaderV0.4.9.2c.zip, In Quarantäne, [7cdb68326714fb3b3db194a96f9338c8], 
Trojan.KillAV, C:\Users\Joe\Downloads\SciLorsGrooveshark.comDownloaderV0.4.9.3a.src.zip, In Quarantäne, [2235821883f83105bb3395a83cc60df3], 
PUP.Optional.OpenCandy, C:\Users\Joe\Downloads\veetle-0.9.18.exe, In Quarantäne, [15422971205bfb3b7e35ebc9d2324cb4], 
PUP.Optional.OpenCandy, C:\Users\Joe\Downloads\veetle-0.9.19.exe, In Quarantäne, [c3949cfefe7d63d3b9fa7c38c0443ac6], 
PUP.Optional.OpenCandy, C:\Users\Joe\Downloads\winamp5623_full_emusic-7plus_all.exe, In Quarantäne, [510624763f3cf4423f742094828231cf], 
Hacktool.Agent, C:\Users\Joe\Desktop\FH\MS Office 2007\Office image\Microsoft Office 2007 Application - Volume License Generator.exe, In Quarantäne, [c592faa01962270fa14ea628ee1344bc], 
RiskWare.Tool.CK, C:\Users\Joe\Desktop\FH\MS Office 2007\Office image\Office2007keygen.exe, In Quarantäne, [8fc8b4e6a4d71e180d6024acc839c43c], 
PUP.Optional.SupraSavings.A, C:\Program Files (x86)\CB78F643-3729-434F-8C25-F28D15F025F3\SupraSavingsService64.exe, Löschen bei Neustart, [bd9a27730d6e211524733fcc7292ec14], 
PUP.Optional.WeatherItUp.A, C:\Program Files (x86)\Weather It Up\Uninstall.exe, In Quarantäne, [e374b0ea1467a29475a8e4b7b64c9e62], 
PUP.Optional.WeatherItUp.A, C:\Program Files (x86)\Weather It Up\1293297481.mxaddon, In Quarantäne, [e374b0ea1467a29475a8e4b7b64c9e62], 
PUP.Optional.WeatherItUp.A, C:\Program Files (x86)\Weather It Up\360-49136.crx, In Quarantäne, [e374b0ea1467a29475a8e4b7b64c9e62], 
PUP.Optional.WeatherItUp.A, C:\Program Files (x86)\Weather It Up\49136.xpi, In Quarantäne, [e374b0ea1467a29475a8e4b7b64c9e62], 
PUP.Optional.WeatherItUp.A, C:\Program Files (x86)\Weather It Up\9ac29ed9-d605-445d-ab51-5460993c2e60.crx, In Quarantäne, [e374b0ea1467a29475a8e4b7b64c9e62], 
PUP.Optional.WeatherItUp.A, C:\Program Files (x86)\Weather It Up\background.html, In Quarantäne, [e374b0ea1467a29475a8e4b7b64c9e62], 
PUP.Optional.WeatherItUp.A, C:\Program Files (x86)\Weather It Up\utils.exe, In Quarantäne, [e374b0ea1467a29475a8e4b7b64c9e62], 
PUP.Optional.WeatherItUp.A, C:\Program Files (x86)\Weather It Up\Weather It Up-bg.exe, In Quarantäne, [e374b0ea1467a29475a8e4b7b64c9e62], 
PUP.Optional.WeatherItUp.A, C:\Program Files (x86)\Weather It Up\Weather It Up-bho.dll, In Quarantäne, [e374b0ea1467a29475a8e4b7b64c9e62], 
PUP.Optional.WeatherItUp.A, C:\Program Files (x86)\Weather It Up\Weather It Up-bho64.dll, In Quarantäne, [e374b0ea1467a29475a8e4b7b64c9e62], 
PUP.Optional.WeatherItUp.A, C:\Program Files (x86)\Weather It Up\Weather It Up-buttonutil.dll, In Quarantäne, [e374b0ea1467a29475a8e4b7b64c9e62], 
PUP.Optional.WeatherItUp.A, C:\Program Files (x86)\Weather It Up\Weather It Up-buttonutil.exe, In Quarantäne, [e374b0ea1467a29475a8e4b7b64c9e62], 
PUP.Optional.WeatherItUp.A, C:\Program Files (x86)\Weather It Up\Weather It Up-buttonutil64.dll, In Quarantäne, [e374b0ea1467a29475a8e4b7b64c9e62], 
PUP.Optional.WeatherItUp.A, C:\Program Files (x86)\Weather It Up\Weather It Up-buttonutil64.exe, In Quarantäne, [e374b0ea1467a29475a8e4b7b64c9e62], 
PUP.Optional.WeatherItUp.A, C:\Program Files (x86)\Weather It Up\Weather It Up.ico, In Quarantäne, [e374b0ea1467a29475a8e4b7b64c9e62], 
PUP.Optional.HDPlus.A, C:\Program Files (x86)\HQube-V1.6\1293297481.mxaddon, In Quarantäne, [67f095054e2d78bede77416ee12128d8], 
PUP.Optional.HDPlus.A, C:\Program Files (x86)\HQube-V1.6\29d989c7-1a71-4010-8cd0-9237e6a26eb4-10.exe, In Quarantäne, [67f095054e2d78bede77416ee12128d8], 
PUP.Optional.HDPlus.A, C:\Program Files (x86)\HQube-V1.6\29d989c7-1a71-4010-8cd0-9237e6a26eb4-2.exe, In Quarantäne, [67f095054e2d78bede77416ee12128d8], 
PUP.Optional.HDPlus.A, C:\Program Files (x86)\HQube-V1.6\29d989c7-1a71-4010-8cd0-9237e6a26eb4-5.exe, In Quarantäne, [67f095054e2d78bede77416ee12128d8], 
PUP.Optional.HDPlus.A, C:\Program Files (x86)\HQube-V1.6\29d989c7-1a71-4010-8cd0-9237e6a26eb4.crx, In Quarantäne, [67f095054e2d78bede77416ee12128d8], 
PUP.Optional.HDPlus.A, C:\Program Files (x86)\HQube-V1.6\360-59568.crx, In Quarantäne, [67f095054e2d78bede77416ee12128d8], 
PUP.Optional.HDPlus.A, C:\Program Files (x86)\HQube-V1.6\59568.crx, In Quarantäne, [67f095054e2d78bede77416ee12128d8], 
PUP.Optional.HDPlus.A, C:\Program Files (x86)\HQube-V1.6\59568.xpi, In Quarantäne, [67f095054e2d78bede77416ee12128d8], 
PUP.Optional.HDPlus.A, C:\Program Files (x86)\HQube-V1.6\background.html, In Quarantäne, [67f095054e2d78bede77416ee12128d8], 
PUP.Optional.HDPlus.A, C:\Program Files (x86)\HQube-V1.6\HQube-V1.6-bho.dll, In Quarantäne, [67f095054e2d78bede77416ee12128d8], 
PUP.Optional.HDPlus.A, C:\Program Files (x86)\HQube-V1.6\HQube-V1.6-bho64.dll, In Quarantäne, [67f095054e2d78bede77416ee12128d8], 
PUP.Optional.HDPlus.A, C:\Program Files (x86)\HQube-V1.6\HQube-V1.6.ico, In Quarantäne, [67f095054e2d78bede77416ee12128d8], 
PUP.Optional.HDPlus.A, C:\Program Files (x86)\HQube-V1.6\Uninstall.exe, In Quarantäne, [67f095054e2d78bede77416ee12128d8], 
PUP.Optional.HDPlus.A, C:\Program Files (x86)\HQube-V1.6\utils.exe, In Quarantäne, [67f095054e2d78bede77416ee12128d8], 
Trojan.0Access, c:\Program Files (x86)\Google\Desktop\Install\{d41ae97b-10e3-c648-1caf-041ba960838a}\   \...\â?®ï¯¹à¹?\{d41ae97b-10e3-c648-1caf-041ba960838a}\@, In Quarantäne, [d087abefc9b290a6eb5808fa8d739d63], 
Trojan.0Access, c:\Program Files (x86)\Google\Desktop\Install\{d41ae97b-10e3-c648-1caf-041ba960838a}\   \...\â?®ï¯¹à¹?\{d41ae97b-10e3-c648-1caf-041ba960838a}\L\00000004.@, In Quarantäne, [d087abefc9b290a6eb5808fa8d739d63], 
Trojan.0Access, c:\Program Files (x86)\Google\Desktop\Install\{d41ae97b-10e3-c648-1caf-041ba960838a}\   \...\â?®ï¯¹à¹?\{d41ae97b-10e3-c648-1caf-041ba960838a}\L\76603ac3, In Quarantäne, [d087abefc9b290a6eb5808fa8d739d63], 
Trojan.0Access, c:\Program Files (x86)\Google\Desktop\Install\{d41ae97b-10e3-c648-1caf-041ba960838a}\   \...\â?®ï¯¹à¹?\{d41ae97b-10e3-c648-1caf-041ba960838a}\U\00000004.@, In Quarantäne, [d087abefc9b290a6eb5808fa8d739d63], 
Trojan.0Access, c:\Program Files (x86)\Google\Desktop\Install\{d41ae97b-10e3-c648-1caf-041ba960838a}\   \...\â?®ï¯¹à¹?\{d41ae97b-10e3-c648-1caf-041ba960838a}\U\00000008.@, In Quarantäne, [d087abefc9b290a6eb5808fa8d739d63], 
Trojan.0Access, c:\Program Files (x86)\Google\Desktop\Install\{d41ae97b-10e3-c648-1caf-041ba960838a}\   \...\â?®ï¯¹à¹?\{d41ae97b-10e3-c648-1caf-041ba960838a}\U\000000cb.@, In Quarantäne, [d087abefc9b290a6eb5808fa8d739d63], 
Trojan.0Access, c:\Program Files (x86)\Google\Desktop\Install\{d41ae97b-10e3-c648-1caf-041ba960838a}\   \...\â?®ï¯¹à¹?\{d41ae97b-10e3-c648-1caf-041ba960838a}\U\80000000.@, In Quarantäne, [d087abefc9b290a6eb5808fa8d739d63], 
Trojan.0Access, c:\Program Files (x86)\Google\Desktop\Install\{d41ae97b-10e3-c648-1caf-041ba960838a}\   \...\â?®ï¯¹à¹?\{d41ae97b-10e3-c648-1caf-041ba960838a}\U\80000032.@, In Quarantäne, [d087abefc9b290a6eb5808fa8d739d63], 
Trojan.0Access, c:\Program Files (x86)\Google\Desktop\Install\{d41ae97b-10e3-c648-1caf-041ba960838a}\   \...\â?®ï¯¹à¹?\{d41ae97b-10e3-c648-1caf-041ba960838a}\U\80000064.@, In Quarantäne, [d087abefc9b290a6eb5808fa8d739d63], 

Physische Sektoren: 0
(No malicious items detected)


(end)

FRST Log:

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 01-07-2014
Ran by Joe (administrator) on JOE´S-PC on 02-07-2014 17:37:20
Running from C:\Users\Joe\Desktop
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
() C:\Windows\SysWOW64\PnkBstrB.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
() C:\Program Files (x86)\CB78F643-3729-434F-8C25-F28D15F025F3\SupraSavingsService64.exe
(Sierra Wireless, Inc.) C:\Program Files (x86)\Sierra Wireless Inc\Common\SwiCardDetect64.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\WINWORD.EXE
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe
(Microsoft Corporation) C:\Windows\System32\LogonUI.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\System32\LogiLDA.dll [1832760 2012-09-20] (Logitech, Inc.)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [750160 2014-07-01] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [PWRISOVM.EXE] => C:\Program Files (x86)\PowerISO\PWRISOVM.EXE [336992 2012-12-09] (Power Software Ltd)
HKLM-x32\...\RunOnce: [ Malwarebytes Anti-Malware  (cleanup)] - "C:\ProgramData\Malwarebytes\ Malwarebytes Anti-Malware \mbamdor.exe" "C:\ProgramData\Malwarebytes\ Malwarebytes Anti-Malware " [54072 2014-05-12] (Malwarebytes Corporation)
HKU\S-1-5-21-2168211459-3127497666-3910615475-1000\...\Run: [SansaDispatch] => C:\Users\Joe\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe [613888 2014-03-14] (SanDisk Corporation)
HKU\S-1-5-21-2168211459-3127497666-3910615475-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [SansaDispatch] => C:\Users\Joe\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe [613888 2014-03-14] (SanDisk Corporation)
ShellIconOverlayIdentifiers:  SkyDrivePro1 (ErrorConflict) -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers:  SkyDrivePro2 (SyncInProgress) -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers:  SkyDrivePro3 (InSync) -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32:  SkyDrivePro1 (ErrorConflict) -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32:  SkyDrivePro2 (SyncInProgress) -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32:  SkyDrivePro3 (InSync) -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x01ED3657BBCCCC01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM-x32 - DefaultScope value is missing.
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://startsear.ch/?aff=1&src=sp&cf=1ffc10a6-3ece-11e1-98fe-40618616ae65&q={searchTerms}
SearchScopes: HKCU - {8C48B540-8632-4590-860D-52EA3B8FA5D0} URL = hxxp://searchya.com/?chnl=ft-102&s=1&cr=1723402304&cd=2XzutAtN2Y1L1QzuyEtDyCtCzzyCtCyC0A0EyCyDyC0B0FtCyBtN0D0TzutBtDtCtBtDtAtDtB&q={searchTerms}
BHO: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Citavi Picker - {609D670F-B735-4da7-AC6D-F3BD358E325E} - C:\Windows\system32\mscoree.dll (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll (Microsoft Corporation)
BHO-x32: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
BHO-x32: Citavi Picker - {609D670F-B735-4da7-AC6D-F3BD358E325E} - C:\Windows\SysWOW64\mscoree.dll (Microsoft Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{2EDCA1BE-6DA2-4813-BAD2-BB8E3AA6EE10}: [NameServer]139.7.30.125 139.7.30.126
Tcpip\..\Interfaces\{AF2A3D51-91A7-4FCA-AED4-CF72E6F4B1D9}: [NameServer]139.7.30.126 139.7.30.125
Tcpip\..\Interfaces\{B5127C26-120D-45E9-9400-A2380AAA4DC5}: [NameServer]139.7.30.126 139.7.30.125

FireFox:
========
FF ProfilePath: C:\Users\Joe\AppData\Roaming\Mozilla\Firefox\Profiles\iu55mij3.default
FF NewTab: chrome://quick_start/content/index.html
FF SelectedSearchEngine: Google
FF NetworkProxy: "backup.ftp", "		23.241.35.39"
FF NetworkProxy: "backup.ftp_port", 30721
FF NetworkProxy: "backup.socks", "		23.241.35.39"
FF NetworkProxy: "backup.socks_port", 30721
FF NetworkProxy: "backup.ssl", "		23.241.35.39"
FF NetworkProxy: "backup.ssl_port", 30721
FF NetworkProxy: "ftp", "	97.80.60.62"
FF NetworkProxy: "ftp_port", 25628
FF NetworkProxy: "share_proxy_settings", true
FF NetworkProxy: "socks", "	97.80.60.62"
FF NetworkProxy: "socks_port", 25628
FF NetworkProxy: "ssl", "	97.80.60.62"
FF NetworkProxy: "ssl_port", 25628
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1167637.dll (Adobe Systems, Inc.)
FF Plugin-x32: @canon.com/EPPEX - C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.7.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.5.1 - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @veetle.com/veetleCorePlugin,version=0.9.19 - C:\Program Files (x86)\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF Plugin-x32: @veetle.com/veetlePlayerPlugin,version=0.9.18 - C:\Program Files (x86)\Veetle\Player\npvlc.dll (Veetle Inc)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll (Sun Microsystems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
FF SearchPlugin: C:\Users\Joe\AppData\Roaming\Mozilla\Firefox\Profiles\iu55mij3.default\searchplugins\leo-deu-eng.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
FF Extension: DoNotTrackMe: Online Privacy Protection - C:\Users\Joe\AppData\Roaming\Mozilla\Firefox\Profiles\iu55mij3.default\Extensions\donottrackplus@abine.com [2014-07-02]
FF Extension: ProxTube - Unblock YouTube - C:\Users\Joe\AppData\Roaming\Mozilla\Firefox\Profiles\iu55mij3.default\Extensions\ich@maltegoetz.de [2014-05-23]
FF Extension: YouTube Unblocker - C:\Users\Joe\AppData\Roaming\Mozilla\Firefox\Profiles\iu55mij3.default\Extensions\youtubeunblocker@unblocker.yt [2014-05-23]
FF Extension: Adblock Plus Pop-up Addon - C:\Users\Joe\AppData\Roaming\Mozilla\Firefox\Profiles\iu55mij3.default\Extensions\adblockpopups@jessehakanen.net.xpi [2014-05-13]
FF Extension: Boost - C:\Users\Joe\AppData\Roaming\Mozilla\Firefox\Profiles\iu55mij3.default\Extensions\boost@boost.net.xpi [2014-05-16]
FF Extension: Grooveshark Unlocker - C:\Users\Joe\AppData\Roaming\Mozilla\Firefox\Profiles\iu55mij3.default\Extensions\groovesharkUnlocker@overlord1337.xpi [2012-01-30]
FF Extension: NASA Night Launch - C:\Users\Joe\AppData\Roaming\Mozilla\Firefox\Profiles\iu55mij3.default\Extensions\nasanightlaunch@example.com.xpi [2012-12-03]
FF Extension: vshare Add-On - C:\Users\Joe\AppData\Roaming\Mozilla\Firefox\Profiles\iu55mij3.default\Extensions\{dd05fd3d-18df-4ce4-ae53-e795339c5f01}.xpi [2011-09-10]
FF HKLM-x32\...\Firefox\Extensions: [ff-bmboc@bytemobile.com] - C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Optimization Client\addon
FF HKLM-x32\...\Firefox\Extensions: [{8AA36F4F-6DC7-4c06-77AF-5035170634FE}] - C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox
FF Extension: Citavi Picker - C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox [2014-06-23]
FF HKCU\...\Firefox\Extensions: [{9A207F60-3F1C-4ED0-972D-0A4CDFBFF803}] - C:\Users\Joe\AppData\Roaming\13001.028

==================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [430160 2014-07-01] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [430160 2014-07-01] (Avira Operations GmbH & Co. KG)
S4 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [1028688 2014-07-01] (Avira Operations GmbH & Co. KG)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2279608 2014-05-21] (Microsoft Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [284912 2013-11-20] ()
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2009-05-14] (Hewlett-Packard) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2009-05-14] (Hewlett-Packard) [File not signed]
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [75064 2014-04-21] ()
R2 PnkBstrB; C:\Windows\SysWOW64\PnkBstrB.exe [214520 2014-04-21] ()
R2 SwiCardDetectSvc; C:\Program Files (x86)\Sierra Wireless Inc\Common\SwiCardDetect64.exe [317296 2011-06-24] (Sierra Wireless, Inc.)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3674864 2013-11-20] (Intel® Corporation)
S2 VmbService; "C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe" [X]

==================== Drivers (Whitelisted) ====================

R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [314016 2012-11-02] ()
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [117712 2014-07-01] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [130584 2014-06-03] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-10-01] (Avira Operations GmbH & Co. KG)
U0 cugxbanl; C:\Windows\System32\drivers\tmcjuljw.sys [79064 2014-07-02] (Malwarebytes Corporation)
S3 ewusbnet; C:\Windows\System32\DRIVERS\ewusbnet.sys [422400 2012-04-20] (Huawei Technologies Co., Ltd.)
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [43680 2012-11-02] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
R0 MBAMSwissArmy; C:\Windows\System32\drivers\MBAMSwissArmy.sys [122584 2014-07-02] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation)
R1 netfilter64; C:\Windows\System32\drivers\netfilter64.sys [46376 2014-06-12] (NetFilterSDK.com)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-07-02 17:34 - 2014-07-02 17:34 - 00013981 _____ () C:\Users\Joe\Desktop\ANTI-Malware2.txt
2014-07-02 17:32 - 2014-07-02 17:32 - 00001254 _____ () C:\Users\Joe\Desktop\ANTI-Malware.txt
2014-07-02 17:29 - 2014-07-02 17:29 - 00079064 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\tmcjuljw.sys
2014-07-02 16:55 - 2014-07-02 17:29 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-07-02 16:55 - 2014-07-02 17:01 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-07-02 16:55 - 2014-07-02 16:55 - 00001066 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-07-02 16:55 - 2014-07-02 16:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-07-02 16:55 - 2014-07-02 16:55 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-07-02 16:55 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-07-02 16:55 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-07-02 16:55 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-07-02 16:53 - 2014-07-02 16:54 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Joe\Desktop\mbam-setup-2.0.2.1012.exe
2014-07-02 16:16 - 2014-07-02 16:16 - 00029961 _____ () C:\ComboFix.txt
2014-07-02 15:47 - 2014-07-02 16:17 - 00000000 ____D () C:\Qoobox
2014-07-02 15:47 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-07-02 15:47 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-07-02 15:47 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-07-02 15:47 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-07-02 15:47 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-07-02 15:47 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2014-07-02 15:47 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2014-07-02 15:47 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2014-07-02 15:46 - 2014-07-02 16:13 - 00000000 ____D () C:\Windows\erdnt
2014-07-02 15:44 - 2014-07-02 15:45 - 05212874 ____R (Swearware) C:\Users\Joe\Desktop\ComboFix.exe
2014-07-02 14:54 - 2014-07-02 14:55 - 00000000 ____D () C:\AdwCleaner
2014-07-02 14:52 - 2014-07-02 14:52 - 01342659 _____ () C:\Users\Joe\Desktop\adwcleaner_3.213.exe
2014-07-02 14:42 - 2014-07-02 14:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Vodafone
2014-07-02 14:03 - 2014-07-02 14:04 - 00000000 ____D () C:\Users\Joe\Desktop\revouninstaller-portable
2014-07-02 14:01 - 2014-07-02 14:01 - 03007700 _____ () C:\Users\Joe\Desktop\revouninstaller.zip
2014-07-02 09:01 - 2014-07-02 09:01 - 00054018 _____ () C:\Users\Joe\Desktop\Addition.txt
2014-07-02 08:59 - 2014-07-02 17:37 - 00017460 _____ () C:\Users\Joe\Desktop\FRST.txt
2014-07-02 08:59 - 2014-07-02 17:37 - 00000000 ____D () C:\FRST
2014-07-02 08:59 - 2014-07-02 08:59 - 02083840 _____ (Farbar) C:\Users\Joe\Desktop\FRST64.exe
2014-07-02 08:36 - 2014-07-02 13:26 - 00003132 _____ () C:\Windows\System32\Tasks\System Speedup
2014-07-02 08:35 - 2014-07-02 08:35 - 00001038 _____ () C:\Users\Public\Desktop\System Speedup.lnk
2014-07-01 22:43 - 2014-07-01 22:43 - 00000000 ____D () C:\Program Files (x86)\CB78F643-3729-434F-8C25-F28D15F025F3
2014-07-01 22:18 - 2014-07-02 08:14 - 00000000 ____D () C:\Users\Joe\Desktop\Anti
2014-07-01 16:33 - 2014-07-01 16:33 - 00003164 _____ () C:\Windows\System32\Tasks\{908B9EC9-1106-4C32-A877-84E0562A3798}
2014-07-01 16:22 - 2014-07-01 16:22 - 00000000 ____D () C:\Users\Joe\AppData\Local\com
2014-07-01 16:19 - 2014-07-02 14:28 - 00000444 __RSH () C:\ProgramData\ntuser.pol
2014-07-01 16:19 - 2014-07-01 16:26 - 00000000 ____D () C:\ProgramData\TEMP
2014-06-30 15:19 - 2014-06-30 15:19 - 00000000 ____D () C:\Users\Joe\AppData\Roaming\Intel
2014-06-30 15:18 - 2014-06-30 15:18 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel PROSet Wireless
2014-06-30 15:18 - 2014-06-30 15:18 - 00000000 ____D () C:\ProgramData\Intel
2014-06-30 15:18 - 2014-06-30 15:18 - 00000000 ____D () C:\Program Files\Common Files\Intel
2014-06-30 15:18 - 2014-06-30 15:18 - 00000000 ____D () C:\Program Files (x86)\Intel
2014-06-30 15:18 - 2014-06-30 15:18 - 00000000 ____D () C:\Program Files (x86)\Cisco
2014-06-30 15:17 - 2014-06-30 15:18 - 00008990 _____ () C:\Windows\DPINST.LOG
2014-06-30 15:17 - 2014-06-30 15:18 - 00000000 ____D () C:\Program Files\Intel
2014-06-30 15:17 - 2014-06-30 15:17 - 00000000 ____D () C:\ProgramData\Package Cache
2014-06-24 22:01 - 2012-03-14 05:00 - 00385024 _____ (CANON INC.) C:\Windows\system32\CNMLMAT.DLL
2014-06-24 22:01 - 2011-03-31 10:07 - 00302080 _____ (CANON INC.) C:\Windows\system32\CNC_ATC.dll
2014-06-24 22:01 - 2011-03-31 10:06 - 00112128 _____ (CANON INC.) C:\Windows\system32\CNC_ATI.dll
2014-06-24 22:01 - 2011-03-30 12:55 - 00373248 _____ (CANON INC.) C:\Windows\system32\CNC_ATL.dll
2014-06-24 22:01 - 2010-11-12 11:13 - 00068096 _____ () C:\Windows\system32\CNC1754D.TBL
2014-06-24 22:01 - 2008-08-25 18:02 - 00017920 _____ (CANON INC.) C:\Windows\system32\CNHMCA6.dll
2014-06-23 18:28 - 2014-06-23 18:28 - 00000000 ____D () C:\ProgramData\Gibraltar
2014-06-23 18:25 - 2014-06-23 18:25 - 00000000 ____D () C:\Users\Joe\AppData\Local\Swiss Academic Software
2014-06-23 18:24 - 2014-07-02 16:40 - 00000000 ____D () C:\Users\Joe\Documents\Citavi 4
2014-06-23 18:24 - 2014-06-23 18:28 - 00000000 ____D () C:\Users\Joe\AppData\Roaming\Swiss Academic Software
2014-06-23 18:21 - 2014-06-23 18:22 - 00000000 ____D () C:\ProgramData\Swiss Academic Software
2014-06-23 18:21 - 2014-06-23 18:21 - 00001909 _____ () C:\Users\Public\Desktop\Citavi 4.lnk
2014-06-23 18:21 - 2014-06-23 18:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Citavi 4
2014-06-23 18:20 - 2014-06-23 18:21 - 00000000 ____D () C:\Program Files (x86)\Citavi 4
2014-06-23 18:14 - 2014-06-23 18:15 - 88342536 _____ (Swiss Academic Software) C:\Users\Joe\Downloads\Citavi4Setup.exe
2014-06-12 21:05 - 2014-06-12 21:05 - 00046376 _____ (NetFilterSDK.com) C:\Windows\system32\Drivers\netfilter64.sys
2014-06-11 19:27 - 2014-05-30 12:21 - 23414784 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-06-11 19:27 - 2014-05-30 12:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-06-11 19:27 - 2014-05-30 12:02 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-06-11 19:27 - 2014-05-30 11:45 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-06-11 19:27 - 2014-05-30 11:39 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-06-11 19:27 - 2014-05-30 11:39 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-06-11 19:27 - 2014-05-30 11:38 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-06-11 19:27 - 2014-05-30 11:28 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-06-11 19:27 - 2014-05-30 11:27 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-06-11 19:27 - 2014-05-30 11:24 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-06-11 19:27 - 2014-05-30 11:21 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-06-11 19:27 - 2014-05-30 11:21 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-06-11 19:27 - 2014-05-30 11:20 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-06-11 19:27 - 2014-05-30 11:18 - 17271296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-06-11 19:27 - 2014-05-30 11:11 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-06-11 19:27 - 2014-05-30 11:08 - 05782528 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-06-11 19:27 - 2014-05-30 11:06 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-06-11 19:27 - 2014-05-30 11:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-06-11 19:27 - 2014-05-30 10:55 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-06-11 19:27 - 2014-05-30 10:49 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-06-11 19:27 - 2014-05-30 10:46 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-06-11 19:27 - 2014-05-30 10:44 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-06-11 19:27 - 2014-05-30 10:44 - 00295424 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-06-11 19:27 - 2014-05-30 10:43 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-06-11 19:27 - 2014-05-30 10:42 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-06-11 19:27 - 2014-05-30 10:38 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-06-11 19:27 - 2014-05-30 10:35 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-06-11 19:27 - 2014-05-30 10:34 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-06-11 19:27 - 2014-05-30 10:33 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-06-11 19:27 - 2014-05-30 10:30 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-06-11 19:27 - 2014-05-30 10:29 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-06-11 19:27 - 2014-05-30 10:28 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-06-11 19:27 - 2014-05-30 10:27 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-06-11 19:27 - 2014-05-30 10:24 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-06-11 19:27 - 2014-05-30 10:23 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-06-11 19:27 - 2014-05-30 10:16 - 00368128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-06-11 19:27 - 2014-05-30 10:10 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-06-11 19:27 - 2014-05-30 10:06 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-06-11 19:27 - 2014-05-30 10:04 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-06-11 19:27 - 2014-05-30 10:02 - 00242688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-06-11 19:27 - 2014-05-30 09:56 - 04244992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-06-11 19:27 - 2014-05-30 09:56 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-06-11 19:27 - 2014-05-30 09:54 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-06-11 19:27 - 2014-05-30 09:50 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-06-11 19:27 - 2014-05-30 09:49 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-06-11 19:27 - 2014-05-30 09:43 - 13522944 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-06-11 19:27 - 2014-05-30 09:40 - 11725312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-06-11 19:27 - 2014-05-30 09:30 - 01398272 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-06-11 19:27 - 2014-05-30 09:21 - 01790976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-06-11 19:27 - 2014-05-30 09:15 - 01143296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-06-11 19:27 - 2014-05-30 09:13 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-06-11 19:27 - 2014-05-30 09:13 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-06-11 19:27 - 2014-04-25 04:34 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2014-06-11 19:27 - 2014-04-25 04:06 - 00626688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll
2014-06-11 19:27 - 2014-04-05 04:47 - 01903552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2014-06-11 19:27 - 2014-04-05 04:47 - 00288192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2014-06-11 19:27 - 2014-03-26 16:44 - 02002432 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2014-06-11 19:27 - 2014-03-26 16:44 - 01882112 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-06-11 19:27 - 2014-03-26 16:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
2014-06-11 19:27 - 2014-03-26 16:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-06-11 19:27 - 2014-03-26 16:27 - 01389056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2014-06-11 19:27 - 2014-03-26 16:27 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-06-11 19:27 - 2014-03-26 16:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6r.dll
2014-06-11 19:27 - 2014-03-26 16:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-06-11 19:25 - 2014-06-08 11:13 - 00506368 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-06-11 19:25 - 2014-06-08 11:08 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-06-03 14:53 - 2014-06-03 14:53 - 00000000 ____D () C:\Users\Joe\AppData\Local\Adobe

==================== One Month Modified Files and Folders =======

2014-07-02 17:37 - 2014-07-02 08:59 - 00017460 _____ () C:\Users\Joe\Desktop\FRST.txt
2014-07-02 17:37 - 2014-07-02 08:59 - 00000000 ____D () C:\FRST
2014-07-02 17:34 - 2014-07-02 17:34 - 00013981 _____ () C:\Users\Joe\Desktop\ANTI-Malware2.txt
2014-07-02 17:32 - 2014-07-02 17:32 - 00001254 _____ () C:\Users\Joe\Desktop\ANTI-Malware.txt
2014-07-02 17:29 - 2014-07-02 17:29 - 00079064 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\tmcjuljw.sys
2014-07-02 17:29 - 2014-07-02 16:55 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-07-02 17:25 - 2012-07-10 10:05 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-07-02 17:01 - 2014-07-02 16:55 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-07-02 16:55 - 2014-07-02 16:55 - 00001066 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-07-02 16:55 - 2014-07-02 16:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-07-02 16:55 - 2014-07-02 16:55 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-07-02 16:54 - 2014-07-02 16:53 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Joe\Desktop\mbam-setup-2.0.2.1012.exe
2014-07-02 16:48 - 2012-02-15 16:04 - 00001104 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-07-02 16:40 - 2014-06-23 18:24 - 00000000 ____D () C:\Users\Joe\Documents\Citavi 4
2014-07-02 16:40 - 2011-07-15 19:58 - 00118928 _____ () C:\Users\Joe\AppData\Local\GDIPFONTCACHEV1.DAT
2014-07-02 16:23 - 2014-02-12 21:14 - 00005128 _____ () C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for Joe´s-PC-Joe Joe´s-PC
2014-07-02 16:17 - 2014-07-02 15:47 - 00000000 ____D () C:\Qoobox
2014-07-02 16:17 - 2009-07-14 05:20 - 00000000 __RHD () C:\Users\Default
2014-07-02 16:16 - 2014-07-02 16:16 - 00029961 _____ () C:\ComboFix.txt
2014-07-02 16:13 - 2014-07-02 15:46 - 00000000 ____D () C:\Windows\erdnt
2014-07-02 16:10 - 2009-07-14 06:45 - 00015360 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-07-02 16:10 - 2009-07-14 06:45 - 00015360 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-07-02 16:07 - 2011-07-15 18:18 - 02085669 _____ () C:\Windows\WindowsUpdate.log
2014-07-02 16:04 - 2009-07-14 04:34 - 00000215 _____ () C:\Windows\system.ini
2014-07-02 16:03 - 2012-02-15 16:04 - 00001100 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-07-02 16:03 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-07-02 16:02 - 2014-01-08 08:36 - 00269198 _____ () C:\Windows\PFRO.log
2014-07-02 16:02 - 2013-12-19 08:39 - 00030011 _____ () C:\Windows\setupact.log
2014-07-02 15:45 - 2014-07-02 15:44 - 05212874 ____R (Swearware) C:\Users\Joe\Desktop\ComboFix.exe
2014-07-02 15:40 - 2012-05-30 02:36 - 00000000 ____D () C:\Program Files (x86)\Samsung
2014-07-02 15:40 - 2011-07-15 18:53 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-07-02 14:57 - 2009-07-14 06:45 - 00467512 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-07-02 14:55 - 2014-07-02 14:54 - 00000000 ____D () C:\AdwCleaner
2014-07-02 14:55 - 2011-07-15 18:45 - 00001025 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-07-02 14:55 - 2011-07-15 18:45 - 00001013 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-07-02 14:55 - 2011-07-15 18:39 - 00000985 _____ () C:\Users\Joe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-07-02 14:52 - 2014-07-02 14:52 - 01342659 _____ () C:\Users\Joe\Desktop\adwcleaner_3.213.exe
2014-07-02 14:44 - 2014-07-02 14:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Vodafone
2014-07-02 14:42 - 2013-09-12 16:36 - 00000000 ____D () C:\ProgramData\Vodafone
2014-07-02 14:28 - 2014-07-01 16:19 - 00000444 __RSH () C:\ProgramData\ntuser.pol
2014-07-02 14:04 - 2014-07-02 14:03 - 00000000 ____D () C:\Users\Joe\Desktop\revouninstaller-portable
2014-07-02 14:01 - 2014-07-02 14:01 - 03007700 _____ () C:\Users\Joe\Desktop\revouninstaller.zip
2014-07-02 13:26 - 2014-07-02 08:36 - 00003132 _____ () C:\Windows\System32\Tasks\System Speedup
2014-07-02 09:18 - 2009-07-14 12:57 - 00699682 _____ () C:\Windows\system32\perfh007.dat
2014-07-02 09:18 - 2009-07-14 12:57 - 00149790 _____ () C:\Windows\system32\perfc007.dat
2014-07-02 09:18 - 2009-07-14 07:13 - 01620684 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-07-02 09:01 - 2014-07-02 09:01 - 00054018 _____ () C:\Users\Joe\Desktop\Addition.txt
2014-07-02 08:59 - 2014-07-02 08:59 - 02083840 _____ (Farbar) C:\Users\Joe\Desktop\FRST64.exe
2014-07-02 08:35 - 2014-07-02 08:35 - 00001038 _____ () C:\Users\Public\Desktop\System Speedup.lnk
2014-07-02 08:14 - 2014-07-01 22:18 - 00000000 ____D () C:\Users\Joe\Desktop\Anti
2014-07-01 22:43 - 2014-07-01 22:43 - 00000000 ____D () C:\Program Files (x86)\CB78F643-3729-434F-8C25-F28D15F025F3
2014-07-01 16:33 - 2014-07-01 16:33 - 00003164 _____ () C:\Windows\System32\Tasks\{908B9EC9-1106-4C32-A877-84E0562A3798}
2014-07-01 16:26 - 2014-07-01 16:19 - 00000000 ____D () C:\ProgramData\TEMP
2014-07-01 16:24 - 2013-11-04 15:45 - 00000000 ____D () C:\Windows\uninstall
2014-07-01 16:22 - 2014-07-01 16:22 - 00000000 ____D () C:\Users\Joe\AppData\Local\com
2014-07-01 16:19 - 2009-07-14 05:20 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2014-07-01 16:19 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\SysWOW64\GroupPolicy
2014-07-01 14:33 - 2013-08-08 00:27 - 00117712 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2014-06-30 15:19 - 2014-06-30 15:19 - 00000000 ____D () C:\Users\Joe\AppData\Roaming\Intel
2014-06-30 15:19 - 2011-07-15 18:38 - 00000000 ____D () C:\Users\Joe
2014-06-30 15:18 - 2014-06-30 15:18 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel PROSet Wireless
2014-06-30 15:18 - 2014-06-30 15:18 - 00000000 ____D () C:\ProgramData\Intel
2014-06-30 15:18 - 2014-06-30 15:18 - 00000000 ____D () C:\Program Files\Common Files\Intel
2014-06-30 15:18 - 2014-06-30 15:18 - 00000000 ____D () C:\Program Files (x86)\Intel
2014-06-30 15:18 - 2014-06-30 15:18 - 00000000 ____D () C:\Program Files (x86)\Cisco
2014-06-30 15:18 - 2014-06-30 15:17 - 00008990 _____ () C:\Windows\DPINST.LOG
2014-06-30 15:18 - 2014-06-30 15:17 - 00000000 ____D () C:\Program Files\Intel
2014-06-30 15:17 - 2014-06-30 15:17 - 00000000 ____D () C:\ProgramData\Package Cache
2014-06-25 19:18 - 2009-07-14 13:20 - 00000000 ___RD () C:\Users\Public\Recorded TV
2014-06-25 07:38 - 2012-03-31 22:17 - 00000000 ____D () C:\Users\Joe\Desktop\Bachelor-Thesis
2014-06-23 18:28 - 2014-06-23 18:28 - 00000000 ____D () C:\ProgramData\Gibraltar
2014-06-23 18:28 - 2014-06-23 18:24 - 00000000 ____D () C:\Users\Joe\AppData\Roaming\Swiss Academic Software
2014-06-23 18:25 - 2014-06-23 18:25 - 00000000 ____D () C:\Users\Joe\AppData\Local\Swiss Academic Software
2014-06-23 18:22 - 2014-06-23 18:21 - 00000000 ____D () C:\ProgramData\Swiss Academic Software
2014-06-23 18:21 - 2014-06-23 18:21 - 00001909 _____ () C:\Users\Public\Desktop\Citavi 4.lnk
2014-06-23 18:21 - 2014-06-23 18:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Citavi 4
2014-06-23 18:21 - 2014-06-23 18:20 - 00000000 ____D () C:\Program Files (x86)\Citavi 4
2014-06-23 18:18 - 2013-09-12 16:34 - 00000000 ____D () C:\Users\Joe\AppData\Local\Downloaded Installations
2014-06-23 18:15 - 2014-06-23 18:14 - 88342536 _____ (Swiss Academic Software) C:\Users\Joe\Downloads\Citavi4Setup.exe
2014-06-20 00:43 - 2012-02-15 16:04 - 00004100 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-06-20 00:43 - 2012-02-15 16:04 - 00003848 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-06-17 11:18 - 2014-01-08 00:17 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2014-06-15 23:17 - 2014-01-08 09:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2014-06-15 23:16 - 2013-10-21 07:55 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-06-13 20:26 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2014-06-13 18:33 - 2012-06-24 20:37 - 00000000 ____D () C:\Users\Joe\AppData\Roaming\dvdcss
2014-06-12 21:05 - 2014-06-12 21:05 - 00046376 _____ (NetFilterSDK.com) C:\Windows\system32\Drivers\netfilter64.sys
2014-06-12 00:03 - 2013-08-14 20:59 - 00000000 ____D () C:\Windows\system32\MRT
2014-06-12 00:00 - 2012-01-07 01:54 - 95414520 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-06-11 23:56 - 2014-05-06 11:20 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-06-11 12:46 - 2014-02-13 00:09 - 00000000 ____D () C:\Users\Joe\Desktop\Programme
2014-06-11 12:45 - 2011-07-16 00:56 - 00000000 ____D () C:\Users\Joe\Desktop\Games
2014-06-11 12:44 - 2012-01-15 23:35 - 00000000 ____D () C:\Users\Joe\Desktop\FH
2014-06-08 11:13 - 2014-06-11 19:25 - 00506368 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-06-08 11:08 - 2014-06-11 19:25 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-06-03 23:01 - 2013-08-08 00:27 - 00130584 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2014-06-03 14:53 - 2014-06-03 14:53 - 00000000 ____D () C:\Users\Joe\AppData\Local\Adobe
2014-06-02 23:42 - 2012-07-10 10:05 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-06-02 23:42 - 2012-06-23 17:44 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-06-02 23:42 - 2011-07-15 19:14 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
ZeroAccess:
C:\Program Files (x86)\Google\Desktop\Install

Files to move or delete:
====================
C:\ProgramData\8ztlfw3.bxx
C:\ProgramData\8ztlfw3.fvv


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-06-28 00:51

==================== End Of Log ============================

--- --- ---

deeprybka · 02.07.2014, 17:01

Ja, ist das richtige...

Code:

ATTFilter

FF NetworkProxy: "backup.ftp", "		23.241.35.39"
FF NetworkProxy: "backup.ftp_port", 30721
FF NetworkProxy: "backup.socks", "		23.241.35.39"
FF NetworkProxy: "backup.socks_port", 30721
FF NetworkProxy: "backup.ssl", "		23.241.35.39"
FF NetworkProxy: "backup.ssl_port", 30721
FF NetworkProxy: "ftp", "	97.80.60.62"
FF NetworkProxy: "ftp_port", 25628
FF NetworkProxy: "share_proxy_settings", true
FF NetworkProxy: "socks", "	97.80.60.62"
FF NetworkProxy: "socks_port", 25628
FF NetworkProxy: "ssl", "	97.80.60.62"
FF NetworkProxy: "ssl_port", 25628

Was ist damit? Kann das weg oder nicht?

Joe04 · 02.07.2014, 17:51

Anti-Malware:

Code:

ATTFilter

 Malwarebytes Anti-Malware 
www.malwarebytes.org

Suchlauf Datum: 02.07.2014
Suchlauf-Zeit: 17:01:03
Logdatei: 
Administrator: Ja

Version: 2.00.2.1012
Malware Datenbank: v2014.07.02.04
Rootkit Datenbank: v2014.07.01.01
Lizenz: Testversion
Malware Schutz: Aktiviert
Bösartiger Webseiten Schutz: Aktiviert
Self-protection: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: Joe

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 331346
Verstrichene Zeit: 25 Min, 13 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Aktiviert
Heuristics: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 1
PUP.Optional.SupraSavings.A, C:\Program Files (x86)\CB78F643-3729-434F-8C25-F28D15F025F3\SupraSavingsService64.exe, 2240, Löschen bei Neustart, [bd9a27730d6e211524733fcc7292ec14]

Module: 0
(No malicious items detected)

Registrierungsschlüssel: 16
PUP.Optional.SearchYah.A, HKU\S-1-5-21-2168211459-3127497666-3910615475-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{25927741-5E5B-4D27-8D8B-9188FE64373F}, Löschen bei Neustart, [47106d2dabd0d264de18e16b8082659b], 
PUP.Optional.VShareRedir, HKU\S-1-5-21-2168211459-3127497666-3910615475-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD}, Löschen bei Neustart, [2b2ce8b29be04de90749d091a65c1ee2], 
Trojan.Banker, HKU\S-1-5-21-2168211459-3127497666-3910615475-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{DD31495E-290C-41CF-8C66-7415383F82DE}, Löschen bei Neustart, [87d05b3fb5c605310cb32832ae545ba5], 
PUP.Optional.HDPlus.A, HKLM\SOFTWARE\WOW6432NODE\HQube-V1.6, In Quarantäne, [183fabef9eddfb3bbe618729ca38ce32], 
PUP.Optional.WPM.A, HKLM\SOFTWARE\WOW6432NODE\supWindowsMangerProtect, In Quarantäne, [ba9d6931e29993a3e4fd15f6a0648779], 
PUP.Optional.WeatherItUp.A, HKLM\SOFTWARE\WOW6432NODE\Weather It Up, In Quarantäne, [5601afeb6417a98d9e9dac2246bc8878], 
PUP.Optional.SupraSavings.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\SupraSavingsService64, In Quarantäne, [bd9a27730d6e211524733fcc7292ec14], 
PUP.Optional.HDPlus.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\HQube-V1.6, Löschen bei Neustart, [9eb99bffa1da87af9c85a60a857d9967], 
PUP.Optional.ReMarkable.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\Re_Markable, Löschen bei Neustart, [25321d7d621983b32e09e5e35ba7b14f], 
PUP.Optional.SupraSavings.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\Supra Savings, Löschen bei Neustart, [be99c9d135466fc7b78debdb04fef50b], 
PUP.Optional.MediaPlayer.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\video MediaPlay-Air, Löschen bei Neustart, [193e69313c3fea4c915861aa7e8644bc], 
PUP.Optional.HDPlus.A, HKU\S-1-5-21-2168211459-3127497666-3910615475-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\HQube-V1.6, Löschen bei Neustart, [97c0e5b57308a6905cc5783853af8878], 
PUP.Optional.WeatherItUp.A, HKU\S-1-5-21-2168211459-3127497666-3910615475-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\Weather It Up, Löschen bei Neustart, [3d1acbcfd5a695a1af8aede1a85a0af6], 
PUP.Optional.WeatherItUp.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\Weather It Up, In Quarantäne, [e374b0ea1467a29475a8e4b7b64c9e62], 
PUP.Optional.HDPlus.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\HQube-V1.6, In Quarantäne, [67f095054e2d78bede77416ee12128d8], 
PUP.Optional.Complitly.A, HKU\S-1-5-21-2168211459-3127497666-3910615475-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{0FB6A909-6086-458F-BD92-1F8EE10042A0}, Löschen bei Neustart, [76e1574387f43ef8bc968d08ba4ab34d], 

Registrierungswerte: 1
PUP.Optional.FastStart.A, HKU\S-1-5-21-2168211459-3127497666-3910615475-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MOZILLA\EXTENDS|appid, faststartff@gmail.com, Löschen bei Neustart, [0e499307f08b3ef82b4a555b0bf740c0]

Registrierungsdaten: 1
PUP.Optional.Qone8, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES|DefaultScope, {33BB0A4E-99AF-4226-BDF6-49120163DE86}, Gut: ({0633EE93-D776-472f-A0FF-E1416B8B2E3A}), Schlecht: ({33BB0A4E-99AF-4226-BDF6-49120163DE86}),Ersetzt,[d780079317643afccf7b801010f4e31d]

Ordner: 11
PUP.Optional.WeatherItUp.A, C:\Program Files (x86)\Weather It Up, In Quarantäne, [e374b0ea1467a29475a8e4b7b64c9e62], 
PUP.Optional.SupraSavings.A, C:\Program Files\SupraSavings, In Quarantäne, [c196b2e884f75ed84a127c22ef138977], 
PUP.Optional.SupraSavings.A, C:\Program Files\SupraSavings\SSL, In Quarantäne, [c196b2e884f75ed84a127c22ef138977], 
PUP.Optional.HDPlus.A, C:\Program Files (x86)\HQube-V1.6, In Quarantäne, [67f095054e2d78bede77416ee12128d8], 
Trojan.0Access, c:\program files (x86)\google\desktop\install\{d41ae97b-10e3-c648-1caf-041ba960838a}\   , Löschen bei Neustart, [d087abefc9b290a6eb5808fa8d739d63], 
Trojan.0Access, c:\program files (x86)\google\desktop\install\{d41ae97b-10e3-c648-1caf-041ba960838a}\   \..., In Quarantäne, [d087abefc9b290a6eb5808fa8d739d63], 
Trojan.0Access, c:\program files (x86)\google\desktop\install\{d41ae97b-10e3-c648-1caf-041ba960838a}\   \...\â€®ï¯¹à¹›, In Quarantäne, [d087abefc9b290a6eb5808fa8d739d63], 
Trojan.0Access, c:\program files (x86)\google\desktop\install\{d41ae97b-10e3-c648-1caf-041ba960838a}\   \...\â€®ï¯¹à¹›\{d41ae97b-10e3-c648-1caf-041ba960838a}, In Quarantäne, [d087abefc9b290a6eb5808fa8d739d63], 
Trojan.0Access, c:\program files (x86)\google\desktop\install\{d41ae97b-10e3-c648-1caf-041ba960838a}\   \...\â€®ï¯¹à¹›\{d41ae97b-10e3-c648-1caf-041ba960838a}\l, In Quarantäne, [d087abefc9b290a6eb5808fa8d739d63], 
Trojan.0Access, c:\program files (x86)\google\desktop\install\{d41ae97b-10e3-c648-1caf-041ba960838a}\   \...\â€®ï¯¹à¹›\{d41ae97b-10e3-c648-1caf-041ba960838a}\u, In Quarantäne, [d087abefc9b290a6eb5808fa8d739d63], 
Trojan.0Access, C:\Program Files (x86)\Google\Desktop\Install\{d41ae97b-10e3-c648-1caf-041ba960838a}, In Quarantäne, [3e19debccfac3bfbb68e0cf634cc9070], 

Dateien: 48
Trojan.FakeMS.ED, C:\ProgramData\8ztlfw3.pss, In Quarantäne, [3c1b702a5328b87e78a096826d94d729], 
PUP.Optional.OpenCandy, C:\Users\Joe\AppData\Roaming\PowerISO\Upgrade\PowerISO5.exe, In Quarantäne, [7bdc73279be07abcc3f000b4699b29d7], 
Trojan.KillAV, C:\Users\Joe\Downloads\SciLorsGrooveshark.comDownloaderV0.4.9.2c.zip, In Quarantäne, [7cdb68326714fb3b3db194a96f9338c8], 
Trojan.KillAV, C:\Users\Joe\Downloads\SciLorsGrooveshark.comDownloaderV0.4.9.3a.src.zip, In Quarantäne, [2235821883f83105bb3395a83cc60df3], 
PUP.Optional.OpenCandy, C:\Users\Joe\Downloads\veetle-0.9.18.exe, In Quarantäne, [15422971205bfb3b7e35ebc9d2324cb4], 
PUP.Optional.OpenCandy, C:\Users\Joe\Downloads\veetle-0.9.19.exe, In Quarantäne, [c3949cfefe7d63d3b9fa7c38c0443ac6], 
PUP.Optional.OpenCandy, C:\Users\Joe\Downloads\winamp5623_full_emusic-7plus_all.exe, In Quarantäne, [510624763f3cf4423f742094828231cf], 
Hacktool.Agent, C:\Users\Joe\Desktop\FH\MS Office 2007\Office image\Microsoft Office 2007 Application - Volume License Generator.exe, In Quarantäne, [c592faa01962270fa14ea628ee1344bc], 
RiskWare.Tool.CK, C:\Users\Joe\Desktop\FH\MS Office 2007\Office image\Office2007keygen.exe, In Quarantäne, [8fc8b4e6a4d71e180d6024acc839c43c], 
PUP.Optional.SupraSavings.A, C:\Program Files (x86)\CB78F643-3729-434F-8C25-F28D15F025F3\SupraSavingsService64.exe, Löschen bei Neustart, [bd9a27730d6e211524733fcc7292ec14], 
PUP.Optional.WeatherItUp.A, C:\Program Files (x86)\Weather It Up\Uninstall.exe, In Quarantäne, [e374b0ea1467a29475a8e4b7b64c9e62], 
PUP.Optional.WeatherItUp.A, C:\Program Files (x86)\Weather It Up\1293297481.mxaddon, In Quarantäne, [e374b0ea1467a29475a8e4b7b64c9e62], 
PUP.Optional.WeatherItUp.A, C:\Program Files (x86)\Weather It Up\360-49136.crx, In Quarantäne, [e374b0ea1467a29475a8e4b7b64c9e62], 
PUP.Optional.WeatherItUp.A, C:\Program Files (x86)\Weather It Up\49136.xpi, In Quarantäne, [e374b0ea1467a29475a8e4b7b64c9e62], 
PUP.Optional.WeatherItUp.A, C:\Program Files (x86)\Weather It Up\9ac29ed9-d605-445d-ab51-5460993c2e60.crx, In Quarantäne, [e374b0ea1467a29475a8e4b7b64c9e62], 
PUP.Optional.WeatherItUp.A, C:\Program Files (x86)\Weather It Up\background.html, In Quarantäne, [e374b0ea1467a29475a8e4b7b64c9e62], 
PUP.Optional.WeatherItUp.A, C:\Program Files (x86)\Weather It Up\utils.exe, In Quarantäne, [e374b0ea1467a29475a8e4b7b64c9e62], 
PUP.Optional.WeatherItUp.A, C:\Program Files (x86)\Weather It Up\Weather It Up-bg.exe, In Quarantäne, [e374b0ea1467a29475a8e4b7b64c9e62], 
PUP.Optional.WeatherItUp.A, C:\Program Files (x86)\Weather It Up\Weather It Up-bho.dll, In Quarantäne, [e374b0ea1467a29475a8e4b7b64c9e62], 
PUP.Optional.WeatherItUp.A, C:\Program Files (x86)\Weather It Up\Weather It Up-bho64.dll, In Quarantäne, [e374b0ea1467a29475a8e4b7b64c9e62], 
PUP.Optional.WeatherItUp.A, C:\Program Files (x86)\Weather It Up\Weather It Up-buttonutil.dll, In Quarantäne, [e374b0ea1467a29475a8e4b7b64c9e62], 
PUP.Optional.WeatherItUp.A, C:\Program Files (x86)\Weather It Up\Weather It Up-buttonutil.exe, In Quarantäne, [e374b0ea1467a29475a8e4b7b64c9e62], 
PUP.Optional.WeatherItUp.A, C:\Program Files (x86)\Weather It Up\Weather It Up-buttonutil64.dll, In Quarantäne, [e374b0ea1467a29475a8e4b7b64c9e62], 
PUP.Optional.WeatherItUp.A, C:\Program Files (x86)\Weather It Up\Weather It Up-buttonutil64.exe, In Quarantäne, [e374b0ea1467a29475a8e4b7b64c9e62], 
PUP.Optional.WeatherItUp.A, C:\Program Files (x86)\Weather It Up\Weather It Up.ico, In Quarantäne, [e374b0ea1467a29475a8e4b7b64c9e62], 
PUP.Optional.HDPlus.A, C:\Program Files (x86)\HQube-V1.6\1293297481.mxaddon, In Quarantäne, [67f095054e2d78bede77416ee12128d8], 
PUP.Optional.HDPlus.A, C:\Program Files (x86)\HQube-V1.6\29d989c7-1a71-4010-8cd0-9237e6a26eb4-10.exe, In Quarantäne, [67f095054e2d78bede77416ee12128d8], 
PUP.Optional.HDPlus.A, C:\Program Files (x86)\HQube-V1.6\29d989c7-1a71-4010-8cd0-9237e6a26eb4-2.exe, In Quarantäne, [67f095054e2d78bede77416ee12128d8], 
PUP.Optional.HDPlus.A, C:\Program Files (x86)\HQube-V1.6\29d989c7-1a71-4010-8cd0-9237e6a26eb4-5.exe, In Quarantäne, [67f095054e2d78bede77416ee12128d8], 
PUP.Optional.HDPlus.A, C:\Program Files (x86)\HQube-V1.6\29d989c7-1a71-4010-8cd0-9237e6a26eb4.crx, In Quarantäne, [67f095054e2d78bede77416ee12128d8], 
PUP.Optional.HDPlus.A, C:\Program Files (x86)\HQube-V1.6\360-59568.crx, In Quarantäne, [67f095054e2d78bede77416ee12128d8], 
PUP.Optional.HDPlus.A, C:\Program Files (x86)\HQube-V1.6\59568.crx, In Quarantäne, [67f095054e2d78bede77416ee12128d8], 
PUP.Optional.HDPlus.A, C:\Program Files (x86)\HQube-V1.6\59568.xpi, In Quarantäne, [67f095054e2d78bede77416ee12128d8], 
PUP.Optional.HDPlus.A, C:\Program Files (x86)\HQube-V1.6\background.html, In Quarantäne, [67f095054e2d78bede77416ee12128d8], 
PUP.Optional.HDPlus.A, C:\Program Files (x86)\HQube-V1.6\HQube-V1.6-bho.dll, In Quarantäne, [67f095054e2d78bede77416ee12128d8], 
PUP.Optional.HDPlus.A, C:\Program Files (x86)\HQube-V1.6\HQube-V1.6-bho64.dll, In Quarantäne, [67f095054e2d78bede77416ee12128d8], 
PUP.Optional.HDPlus.A, C:\Program Files (x86)\HQube-V1.6\HQube-V1.6.ico, In Quarantäne, [67f095054e2d78bede77416ee12128d8], 
PUP.Optional.HDPlus.A, C:\Program Files (x86)\HQube-V1.6\Uninstall.exe, In Quarantäne, [67f095054e2d78bede77416ee12128d8], 
PUP.Optional.HDPlus.A, C:\Program Files (x86)\HQube-V1.6\utils.exe, In Quarantäne, [67f095054e2d78bede77416ee12128d8], 
Trojan.0Access, c:\Program Files (x86)\Google\Desktop\Install\{d41ae97b-10e3-c648-1caf-041ba960838a}\   \...\â€®ï¯¹à¹›\{d41ae97b-10e3-c648-1caf-041ba960838a}\@, In Quarantäne, [d087abefc9b290a6eb5808fa8d739d63], 
Trojan.0Access, c:\Program Files (x86)\Google\Desktop\Install\{d41ae97b-10e3-c648-1caf-041ba960838a}\   \...\â€®ï¯¹à¹›\{d41ae97b-10e3-c648-1caf-041ba960838a}\L\00000004.@, In Quarantäne, [d087abefc9b290a6eb5808fa8d739d63], 
Trojan.0Access, c:\Program Files (x86)\Google\Desktop\Install\{d41ae97b-10e3-c648-1caf-041ba960838a}\   \...\â€®ï¯¹à¹›\{d41ae97b-10e3-c648-1caf-041ba960838a}\L\76603ac3, In Quarantäne, [d087abefc9b290a6eb5808fa8d739d63], 
Trojan.0Access, c:\Program Files (x86)\Google\Desktop\Install\{d41ae97b-10e3-c648-1caf-041ba960838a}\   \...\â€®ï¯¹à¹›\{d41ae97b-10e3-c648-1caf-041ba960838a}\U\00000004.@, In Quarantäne, [d087abefc9b290a6eb5808fa8d739d63], 
Trojan.0Access, c:\Program Files (x86)\Google\Desktop\Install\{d41ae97b-10e3-c648-1caf-041ba960838a}\   \...\â€®ï¯¹à¹›\{d41ae97b-10e3-c648-1caf-041ba960838a}\U\00000008.@, In Quarantäne, [d087abefc9b290a6eb5808fa8d739d63], 
Trojan.0Access, c:\Program Files (x86)\Google\Desktop\Install\{d41ae97b-10e3-c648-1caf-041ba960838a}\   \...\â€®ï¯¹à¹›\{d41ae97b-10e3-c648-1caf-041ba960838a}\U\000000cb.@, In Quarantäne, [d087abefc9b290a6eb5808fa8d739d63], 
Trojan.0Access, c:\Program Files (x86)\Google\Desktop\Install\{d41ae97b-10e3-c648-1caf-041ba960838a}\   \...\â€®ï¯¹à¹›\{d41ae97b-10e3-c648-1caf-041ba960838a}\U\80000000.@, In Quarantäne, [d087abefc9b290a6eb5808fa8d739d63], 
Trojan.0Access, c:\Program Files (x86)\Google\Desktop\Install\{d41ae97b-10e3-c648-1caf-041ba960838a}\   \...\â€®ï¯¹à¹›\{d41ae97b-10e3-c648-1caf-041ba960838a}\U\80000032.@, In Quarantäne, [d087abefc9b290a6eb5808fa8d739d63], 
Trojan.0Access, c:\Program Files (x86)\Google\Desktop\Install\{d41ae97b-10e3-c648-1caf-041ba960838a}\   \...\â€®ï¯¹à¹›\{d41ae97b-10e3-c648-1caf-041ba960838a}\U\80000064.@, In Quarantäne, [d087abefc9b290a6eb5808fa8d739d63], 

Physische Sektoren: 0
(No malicious items detected)


(end)

FRST:

FRST Logfile:

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 01-07-2014
Ran by Joe (administrator) on JOE´S-PC on 02-07-2014 18:40:44
Running from C:\Users\Joe\Desktop
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
() C:\Windows\SysWOW64\PnkBstrB.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Sierra Wireless, Inc.) C:\Program Files (x86)\Sierra Wireless Inc\Common\SwiCardDetect64.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\MSOSYNC.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(SanDisk Corporation) C:\Users\Joe\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Power Software Ltd) C:\Program Files (x86)\PowerISO\PWRISOVM.EXE
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\System32\LogiLDA.dll [1832760 2012-09-20] (Logitech, Inc.)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [750160 2014-07-01] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [PWRISOVM.EXE] => C:\Program Files (x86)\PowerISO\PWRISOVM.EXE [336992 2012-12-09] (Power Software Ltd)
HKU\S-1-5-21-2168211459-3127497666-3910615475-1000\...\Run: [SansaDispatch] => C:\Users\Joe\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe [613888 2014-03-14] (SanDisk Corporation)
ShellIconOverlayIdentifiers:  SkyDrivePro1 (ErrorConflict) -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers:  SkyDrivePro2 (SyncInProgress) -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers:  SkyDrivePro3 (InSync) -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32:  SkyDrivePro1 (ErrorConflict) -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32:  SkyDrivePro2 (SyncInProgress) -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32:  SkyDrivePro3 (InSync) -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x01ED3657BBCCCC01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM-x32 - DefaultScope value is missing.
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://startsear.ch/?aff=1&src=sp&cf=1ffc10a6-3ece-11e1-98fe-40618616ae65&q={searchTerms}
SearchScopes: HKCU - {8C48B540-8632-4590-860D-52EA3B8FA5D0} URL = hxxp://searchya.com/?chnl=ft-102&s=1&cr=1723402304&cd=2XzutAtN2Y1L1QzuyEtDyCtCzzyCtCyC0A0EyCyDyC0B0FtCyBtN0D0TzutBtDtCtBtDtAtDtB&q={searchTerms}
BHO: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Citavi Picker - {609D670F-B735-4da7-AC6D-F3BD358E325E} - C:\Windows\system32\mscoree.dll (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll (Microsoft Corporation)
BHO-x32: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
BHO-x32: Citavi Picker - {609D670F-B735-4da7-AC6D-F3BD358E325E} - C:\Windows\SysWOW64\mscoree.dll (Microsoft Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{2EDCA1BE-6DA2-4813-BAD2-BB8E3AA6EE10}: [NameServer]139.7.30.125 139.7.30.126
Tcpip\..\Interfaces\{AF2A3D51-91A7-4FCA-AED4-CF72E6F4B1D9}: [NameServer]139.7.30.126 139.7.30.125
Tcpip\..\Interfaces\{B5127C26-120D-45E9-9400-A2380AAA4DC5}: [NameServer]139.7.30.126 139.7.30.125

FireFox:
========
FF ProfilePath: C:\Users\Joe\AppData\Roaming\Mozilla\Firefox\Profiles\iu55mij3.default
FF NewTab: chrome://quick_start/content/index.html
FF SelectedSearchEngine: Google
FF NetworkProxy: "backup.ftp", "		23.241.35.39"
FF NetworkProxy: "backup.ftp_port", 30721
FF NetworkProxy: "backup.socks", "		23.241.35.39"
FF NetworkProxy: "backup.socks_port", 30721
FF NetworkProxy: "backup.ssl", "		23.241.35.39"
FF NetworkProxy: "backup.ssl_port", 30721
FF NetworkProxy: "ftp", "	97.80.60.62"
FF NetworkProxy: "ftp_port", 25628
FF NetworkProxy: "share_proxy_settings", true
FF NetworkProxy: "socks", "	97.80.60.62"
FF NetworkProxy: "socks_port", 25628
FF NetworkProxy: "ssl", "	97.80.60.62"
FF NetworkProxy: "ssl_port", 25628
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1167637.dll (Adobe Systems, Inc.)
FF Plugin-x32: @canon.com/EPPEX - C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.7.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.5.1 - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @veetle.com/veetleCorePlugin,version=0.9.19 - C:\Program Files (x86)\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF Plugin-x32: @veetle.com/veetlePlayerPlugin,version=0.9.18 - C:\Program Files (x86)\Veetle\Player\npvlc.dll (Veetle Inc)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll (Sun Microsystems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
FF SearchPlugin: C:\Users\Joe\AppData\Roaming\Mozilla\Firefox\Profiles\iu55mij3.default\searchplugins\leo-deu-eng.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
FF Extension: DoNotTrackMe: Online Privacy Protection - C:\Users\Joe\AppData\Roaming\Mozilla\Firefox\Profiles\iu55mij3.default\Extensions\donottrackplus@abine.com [2014-07-02]
FF Extension: ProxTube - Unblock YouTube - C:\Users\Joe\AppData\Roaming\Mozilla\Firefox\Profiles\iu55mij3.default\Extensions\ich@maltegoetz.de [2014-05-23]
FF Extension: YouTube Unblocker - C:\Users\Joe\AppData\Roaming\Mozilla\Firefox\Profiles\iu55mij3.default\Extensions\youtubeunblocker@unblocker.yt [2014-05-23]
FF Extension: Adblock Plus Pop-up Addon - C:\Users\Joe\AppData\Roaming\Mozilla\Firefox\Profiles\iu55mij3.default\Extensions\adblockpopups@jessehakanen.net.xpi [2014-05-13]
FF Extension: Boost - C:\Users\Joe\AppData\Roaming\Mozilla\Firefox\Profiles\iu55mij3.default\Extensions\boost@boost.net.xpi [2014-05-16]
FF Extension: Grooveshark Unlocker - C:\Users\Joe\AppData\Roaming\Mozilla\Firefox\Profiles\iu55mij3.default\Extensions\groovesharkUnlocker@overlord1337.xpi [2012-01-30]
FF Extension: NASA Night Launch - C:\Users\Joe\AppData\Roaming\Mozilla\Firefox\Profiles\iu55mij3.default\Extensions\nasanightlaunch@example.com.xpi [2012-12-03]
FF Extension: vshare Add-On - C:\Users\Joe\AppData\Roaming\Mozilla\Firefox\Profiles\iu55mij3.default\Extensions\{dd05fd3d-18df-4ce4-ae53-e795339c5f01}.xpi [2011-09-10]
FF HKLM-x32\...\Firefox\Extensions: [ff-bmboc@bytemobile.com] - C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Optimization Client\addon
FF HKLM-x32\...\Firefox\Extensions: [{8AA36F4F-6DC7-4c06-77AF-5035170634FE}] - C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox
FF Extension: Citavi Picker - C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox [2014-06-23]
FF HKCU\...\Firefox\Extensions: [{9A207F60-3F1C-4ED0-972D-0A4CDFBFF803}] - C:\Users\Joe\AppData\Roaming\13001.028

==================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [430160 2014-07-01] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [430160 2014-07-01] (Avira Operations GmbH & Co. KG)
S4 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [1028688 2014-07-01] (Avira Operations GmbH & Co. KG)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2279608 2014-05-21] (Microsoft Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [284912 2013-11-20] ()
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2009-05-14] (Hewlett-Packard) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2009-05-14] (Hewlett-Packard) [File not signed]
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [75064 2014-04-21] ()
R2 PnkBstrB; C:\Windows\SysWOW64\PnkBstrB.exe [214520 2014-04-21] ()
R2 SwiCardDetectSvc; C:\Program Files (x86)\Sierra Wireless Inc\Common\SwiCardDetect64.exe [317296 2011-06-24] (Sierra Wireless, Inc.)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3674864 2013-11-20] (Intel® Corporation)
S2 VmbService; "C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe" [X]

==================== Drivers (Whitelisted) ====================

R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [314016 2012-11-02] ()
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [117712 2014-07-01] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [130584 2014-06-03] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-10-01] (Avira Operations GmbH & Co. KG)
S3 ewusbnet; C:\Windows\System32\DRIVERS\ewusbnet.sys [422400 2012-04-20] (Huawei Technologies Co., Ltd.)
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [43680 2012-11-02] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-07-02] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation)
R1 netfilter64; C:\Windows\System32\drivers\netfilter64.sys [46376 2014-06-12] (NetFilterSDK.com)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-07-02 17:34 - 2014-07-02 17:34 - 00013981 _____ () C:\Users\Joe\Desktop\ANTI-Malware2.txt
2014-07-02 17:32 - 2014-07-02 17:32 - 00001254 _____ () C:\Users\Joe\Desktop\ANTI-Malware.txt
2014-07-02 16:55 - 2014-07-02 18:37 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-07-02 16:55 - 2014-07-02 17:29 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-07-02 16:55 - 2014-07-02 16:55 - 00001066 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-07-02 16:55 - 2014-07-02 16:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-07-02 16:55 - 2014-07-02 16:55 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-07-02 16:55 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-07-02 16:55 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-07-02 16:55 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-07-02 16:53 - 2014-07-02 16:54 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Joe\Desktop\mbam-setup-2.0.2.1012.exe
2014-07-02 16:16 - 2014-07-02 16:16 - 00029961 _____ () C:\ComboFix.txt
2014-07-02 15:47 - 2014-07-02 16:17 - 00000000 ____D () C:\Qoobox
2014-07-02 15:47 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-07-02 15:47 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-07-02 15:47 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-07-02 15:47 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-07-02 15:47 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-07-02 15:47 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2014-07-02 15:47 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2014-07-02 15:47 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2014-07-02 15:46 - 2014-07-02 16:13 - 00000000 ____D () C:\Windows\erdnt
2014-07-02 15:44 - 2014-07-02 15:45 - 05212874 ____R (Swearware) C:\Users\Joe\Desktop\ComboFix.exe
2014-07-02 14:54 - 2014-07-02 14:55 - 00000000 ____D () C:\AdwCleaner
2014-07-02 14:52 - 2014-07-02 14:52 - 01342659 _____ () C:\Users\Joe\Desktop\adwcleaner_3.213.exe
2014-07-02 14:42 - 2014-07-02 14:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Vodafone
2014-07-02 14:03 - 2014-07-02 14:04 - 00000000 ____D () C:\Users\Joe\Desktop\revouninstaller-portable
2014-07-02 14:01 - 2014-07-02 14:01 - 03007700 _____ () C:\Users\Joe\Desktop\revouninstaller.zip
2014-07-02 09:01 - 2014-07-02 09:01 - 00054018 _____ () C:\Users\Joe\Desktop\Addition.txt
2014-07-02 08:59 - 2014-07-02 18:40 - 00017206 _____ () C:\Users\Joe\Desktop\FRST.txt
2014-07-02 08:59 - 2014-07-02 18:40 - 00000000 ____D () C:\FRST
2014-07-02 08:59 - 2014-07-02 08:59 - 02083840 _____ (Farbar) C:\Users\Joe\Desktop\FRST64.exe
2014-07-02 08:36 - 2014-07-02 13:26 - 00003132 _____ () C:\Windows\System32\Tasks\System Speedup
2014-07-02 08:35 - 2014-07-02 08:35 - 00001038 _____ () C:\Users\Public\Desktop\System Speedup.lnk
2014-07-01 22:43 - 2014-07-02 18:32 - 00000000 ____D () C:\Program Files (x86)\CB78F643-3729-434F-8C25-F28D15F025F3
2014-07-01 22:18 - 2014-07-02 08:14 - 00000000 ____D () C:\Users\Joe\Desktop\Anti
2014-07-01 16:33 - 2014-07-01 16:33 - 00003164 _____ () C:\Windows\System32\Tasks\{908B9EC9-1106-4C32-A877-84E0562A3798}
2014-07-01 16:22 - 2014-07-01 16:22 - 00000000 ____D () C:\Users\Joe\AppData\Local\com
2014-07-01 16:19 - 2014-07-02 14:28 - 00000444 __RSH () C:\ProgramData\ntuser.pol
2014-07-01 16:19 - 2014-07-01 16:26 - 00000000 ____D () C:\ProgramData\TEMP
2014-06-30 15:19 - 2014-06-30 15:19 - 00000000 ____D () C:\Users\Joe\AppData\Roaming\Intel
2014-06-30 15:18 - 2014-06-30 15:18 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel PROSet Wireless
2014-06-30 15:18 - 2014-06-30 15:18 - 00000000 ____D () C:\ProgramData\Intel
2014-06-30 15:18 - 2014-06-30 15:18 - 00000000 ____D () C:\Program Files\Common Files\Intel
2014-06-30 15:18 - 2014-06-30 15:18 - 00000000 ____D () C:\Program Files (x86)\Intel
2014-06-30 15:18 - 2014-06-30 15:18 - 00000000 ____D () C:\Program Files (x86)\Cisco
2014-06-30 15:17 - 2014-06-30 15:18 - 00008990 _____ () C:\Windows\DPINST.LOG
2014-06-30 15:17 - 2014-06-30 15:18 - 00000000 ____D () C:\Program Files\Intel
2014-06-30 15:17 - 2014-06-30 15:17 - 00000000 ____D () C:\ProgramData\Package Cache
2014-06-24 22:01 - 2012-03-14 05:00 - 00385024 _____ (CANON INC.) C:\Windows\system32\CNMLMAT.DLL
2014-06-24 22:01 - 2011-03-31 10:07 - 00302080 _____ (CANON INC.) C:\Windows\system32\CNC_ATC.dll
2014-06-24 22:01 - 2011-03-31 10:06 - 00112128 _____ (CANON INC.) C:\Windows\system32\CNC_ATI.dll
2014-06-24 22:01 - 2011-03-30 12:55 - 00373248 _____ (CANON INC.) C:\Windows\system32\CNC_ATL.dll
2014-06-24 22:01 - 2010-11-12 11:13 - 00068096 _____ () C:\Windows\system32\CNC1754D.TBL
2014-06-24 22:01 - 2008-08-25 18:02 - 00017920 _____ (CANON INC.) C:\Windows\system32\CNHMCA6.dll
2014-06-23 18:28 - 2014-06-23 18:28 - 00000000 ____D () C:\ProgramData\Gibraltar
2014-06-23 18:25 - 2014-06-23 18:25 - 00000000 ____D () C:\Users\Joe\AppData\Local\Swiss Academic Software
2014-06-23 18:24 - 2014-07-02 16:40 - 00000000 ____D () C:\Users\Joe\Documents\Citavi 4
2014-06-23 18:24 - 2014-06-23 18:28 - 00000000 ____D () C:\Users\Joe\AppData\Roaming\Swiss Academic Software
2014-06-23 18:21 - 2014-06-23 18:22 - 00000000 ____D () C:\ProgramData\Swiss Academic Software
2014-06-23 18:21 - 2014-06-23 18:21 - 00001909 _____ () C:\Users\Public\Desktop\Citavi 4.lnk
2014-06-23 18:21 - 2014-06-23 18:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Citavi 4
2014-06-23 18:20 - 2014-06-23 18:21 - 00000000 ____D () C:\Program Files (x86)\Citavi 4
2014-06-23 18:14 - 2014-06-23 18:15 - 88342536 _____ (Swiss Academic Software) C:\Users\Joe\Downloads\Citavi4Setup.exe
2014-06-12 21:05 - 2014-06-12 21:05 - 00046376 _____ (NetFilterSDK.com) C:\Windows\system32\Drivers\netfilter64.sys
2014-06-11 19:27 - 2014-05-30 12:21 - 23414784 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-06-11 19:27 - 2014-05-30 12:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-06-11 19:27 - 2014-05-30 12:02 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-06-11 19:27 - 2014-05-30 11:45 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-06-11 19:27 - 2014-05-30 11:39 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-06-11 19:27 - 2014-05-30 11:39 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-06-11 19:27 - 2014-05-30 11:38 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-06-11 19:27 - 2014-05-30 11:28 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-06-11 19:27 - 2014-05-30 11:27 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-06-11 19:27 - 2014-05-30 11:24 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-06-11 19:27 - 2014-05-30 11:21 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-06-11 19:27 - 2014-05-30 11:21 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-06-11 19:27 - 2014-05-30 11:20 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-06-11 19:27 - 2014-05-30 11:18 - 17271296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-06-11 19:27 - 2014-05-30 11:11 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-06-11 19:27 - 2014-05-30 11:08 - 05782528 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-06-11 19:27 - 2014-05-30 11:06 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-06-11 19:27 - 2014-05-30 11:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-06-11 19:27 - 2014-05-30 10:55 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-06-11 19:27 - 2014-05-30 10:49 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-06-11 19:27 - 2014-05-30 10:46 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-06-11 19:27 - 2014-05-30 10:44 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-06-11 19:27 - 2014-05-30 10:44 - 00295424 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-06-11 19:27 - 2014-05-30 10:43 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-06-11 19:27 - 2014-05-30 10:42 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-06-11 19:27 - 2014-05-30 10:38 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-06-11 19:27 - 2014-05-30 10:35 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-06-11 19:27 - 2014-05-30 10:34 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-06-11 19:27 - 2014-05-30 10:33 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-06-11 19:27 - 2014-05-30 10:30 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-06-11 19:27 - 2014-05-30 10:29 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-06-11 19:27 - 2014-05-30 10:28 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-06-11 19:27 - 2014-05-30 10:27 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-06-11 19:27 - 2014-05-30 10:24 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-06-11 19:27 - 2014-05-30 10:23 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-06-11 19:27 - 2014-05-30 10:16 - 00368128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-06-11 19:27 - 2014-05-30 10:10 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-06-11 19:27 - 2014-05-30 10:06 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-06-11 19:27 - 2014-05-30 10:04 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-06-11 19:27 - 2014-05-30 10:02 - 00242688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-06-11 19:27 - 2014-05-30 09:56 - 04244992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-06-11 19:27 - 2014-05-30 09:56 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-06-11 19:27 - 2014-05-30 09:54 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-06-11 19:27 - 2014-05-30 09:50 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-06-11 19:27 - 2014-05-30 09:49 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-06-11 19:27 - 2014-05-30 09:43 - 13522944 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-06-11 19:27 - 2014-05-30 09:40 - 11725312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-06-11 19:27 - 2014-05-30 09:30 - 01398272 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-06-11 19:27 - 2014-05-30 09:21 - 01790976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-06-11 19:27 - 2014-05-30 09:15 - 01143296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-06-11 19:27 - 2014-05-30 09:13 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-06-11 19:27 - 2014-05-30 09:13 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-06-11 19:27 - 2014-04-25 04:34 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2014-06-11 19:27 - 2014-04-25 04:06 - 00626688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll
2014-06-11 19:27 - 2014-04-05 04:47 - 01903552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2014-06-11 19:27 - 2014-04-05 04:47 - 00288192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2014-06-11 19:27 - 2014-03-26 16:44 - 02002432 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2014-06-11 19:27 - 2014-03-26 16:44 - 01882112 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-06-11 19:27 - 2014-03-26 16:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
2014-06-11 19:27 - 2014-03-26 16:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-06-11 19:27 - 2014-03-26 16:27 - 01389056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2014-06-11 19:27 - 2014-03-26 16:27 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-06-11 19:27 - 2014-03-26 16:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6r.dll
2014-06-11 19:27 - 2014-03-26 16:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-06-11 19:25 - 2014-06-08 11:13 - 00506368 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-06-11 19:25 - 2014-06-08 11:08 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-06-03 14:53 - 2014-06-03 14:53 - 00000000 ____D () C:\Users\Joe\AppData\Local\Adobe

==================== One Month Modified Files and Folders =======

2014-07-02 18:41 - 2014-07-02 08:59 - 00017206 _____ () C:\Users\Joe\Desktop\FRST.txt
2014-07-02 18:40 - 2014-07-02 08:59 - 00000000 ____D () C:\FRST
2014-07-02 18:37 - 2014-07-02 16:55 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-07-02 18:35 - 2014-02-12 21:14 - 00005128 _____ () C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for Joe´s-PC-Joe Joe´s-PC
2014-07-02 18:35 - 2012-02-15 16:04 - 00001100 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-07-02 18:33 - 2013-12-19 08:39 - 00030067 _____ () C:\Windows\setupact.log
2014-07-02 18:33 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-07-02 18:32 - 2014-07-01 22:43 - 00000000 ____D () C:\Program Files (x86)\CB78F643-3729-434F-8C25-F28D15F025F3
2014-07-02 18:32 - 2014-01-08 08:36 - 00286562 _____ () C:\Windows\PFRO.log
2014-07-02 18:31 - 2011-07-15 18:18 - 02093518 _____ () C:\Windows\WindowsUpdate.log
2014-07-02 18:25 - 2012-07-10 10:05 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-07-02 17:48 - 2012-02-15 16:04 - 00001104 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-07-02 17:34 - 2014-07-02 17:34 - 00013981 _____ () C:\Users\Joe\Desktop\ANTI-Malware2.txt
2014-07-02 17:32 - 2014-07-02 17:32 - 00001254 _____ () C:\Users\Joe\Desktop\ANTI-Malware.txt
2014-07-02 17:29 - 2014-07-02 16:55 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-07-02 16:55 - 2014-07-02 16:55 - 00001066 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-07-02 16:55 - 2014-07-02 16:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-07-02 16:55 - 2014-07-02 16:55 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-07-02 16:54 - 2014-07-02 16:53 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Joe\Desktop\mbam-setup-2.0.2.1012.exe
2014-07-02 16:40 - 2014-06-23 18:24 - 00000000 ____D () C:\Users\Joe\Documents\Citavi 4
2014-07-02 16:40 - 2011-07-15 19:58 - 00118928 _____ () C:\Users\Joe\AppData\Local\GDIPFONTCACHEV1.DAT
2014-07-02 16:17 - 2014-07-02 15:47 - 00000000 ____D () C:\Qoobox
2014-07-02 16:17 - 2009-07-14 05:20 - 00000000 __RHD () C:\Users\Default
2014-07-02 16:16 - 2014-07-02 16:16 - 00029961 _____ () C:\ComboFix.txt
2014-07-02 16:13 - 2014-07-02 15:46 - 00000000 ____D () C:\Windows\erdnt
2014-07-02 16:10 - 2009-07-14 06:45 - 00015360 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-07-02 16:10 - 2009-07-14 06:45 - 00015360 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-07-02 16:04 - 2009-07-14 04:34 - 00000215 _____ () C:\Windows\system.ini
2014-07-02 15:45 - 2014-07-02 15:44 - 05212874 ____R (Swearware) C:\Users\Joe\Desktop\ComboFix.exe
2014-07-02 15:40 - 2012-05-30 02:36 - 00000000 ____D () C:\Program Files (x86)\Samsung
2014-07-02 15:40 - 2011-07-15 18:53 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-07-02 14:57 - 2009-07-14 06:45 - 00467512 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-07-02 14:55 - 2014-07-02 14:54 - 00000000 ____D () C:\AdwCleaner
2014-07-02 14:55 - 2011-07-15 18:45 - 00001025 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-07-02 14:55 - 2011-07-15 18:45 - 00001013 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-07-02 14:55 - 2011-07-15 18:39 - 00000985 _____ () C:\Users\Joe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-07-02 14:52 - 2014-07-02 14:52 - 01342659 _____ () C:\Users\Joe\Desktop\adwcleaner_3.213.exe
2014-07-02 14:44 - 2014-07-02 14:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Vodafone
2014-07-02 14:42 - 2013-09-12 16:36 - 00000000 ____D () C:\ProgramData\Vodafone
2014-07-02 14:28 - 2014-07-01 16:19 - 00000444 __RSH () C:\ProgramData\ntuser.pol
2014-07-02 14:04 - 2014-07-02 14:03 - 00000000 ____D () C:\Users\Joe\Desktop\revouninstaller-portable
2014-07-02 14:01 - 2014-07-02 14:01 - 03007700 _____ () C:\Users\Joe\Desktop\revouninstaller.zip
2014-07-02 13:26 - 2014-07-02 08:36 - 00003132 _____ () C:\Windows\System32\Tasks\System Speedup
2014-07-02 09:18 - 2009-07-14 12:57 - 00699682 _____ () C:\Windows\system32\perfh007.dat
2014-07-02 09:18 - 2009-07-14 12:57 - 00149790 _____ () C:\Windows\system32\perfc007.dat
2014-07-02 09:18 - 2009-07-14 07:13 - 01620684 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-07-02 09:01 - 2014-07-02 09:01 - 00054018 _____ () C:\Users\Joe\Desktop\Addition.txt
2014-07-02 08:59 - 2014-07-02 08:59 - 02083840 _____ (Farbar) C:\Users\Joe\Desktop\FRST64.exe
2014-07-02 08:35 - 2014-07-02 08:35 - 00001038 _____ () C:\Users\Public\Desktop\System Speedup.lnk
2014-07-02 08:14 - 2014-07-01 22:18 - 00000000 ____D () C:\Users\Joe\Desktop\Anti
2014-07-01 16:33 - 2014-07-01 16:33 - 00003164 _____ () C:\Windows\System32\Tasks\{908B9EC9-1106-4C32-A877-84E0562A3798}
2014-07-01 16:26 - 2014-07-01 16:19 - 00000000 ____D () C:\ProgramData\TEMP
2014-07-01 16:24 - 2013-11-04 15:45 - 00000000 ____D () C:\Windows\uninstall
2014-07-01 16:22 - 2014-07-01 16:22 - 00000000 ____D () C:\Users\Joe\AppData\Local\com
2014-07-01 16:19 - 2009-07-14 05:20 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2014-07-01 16:19 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\SysWOW64\GroupPolicy
2014-07-01 14:33 - 2013-08-08 00:27 - 00117712 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2014-06-30 15:19 - 2014-06-30 15:19 - 00000000 ____D () C:\Users\Joe\AppData\Roaming\Intel
2014-06-30 15:19 - 2011-07-15 18:38 - 00000000 ____D () C:\Users\Joe
2014-06-30 15:18 - 2014-06-30 15:18 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel PROSet Wireless
2014-06-30 15:18 - 2014-06-30 15:18 - 00000000 ____D () C:\ProgramData\Intel
2014-06-30 15:18 - 2014-06-30 15:18 - 00000000 ____D () C:\Program Files\Common Files\Intel
2014-06-30 15:18 - 2014-06-30 15:18 - 00000000 ____D () C:\Program Files (x86)\Intel
2014-06-30 15:18 - 2014-06-30 15:18 - 00000000 ____D () C:\Program Files (x86)\Cisco
2014-06-30 15:18 - 2014-06-30 15:17 - 00008990 _____ () C:\Windows\DPINST.LOG
2014-06-30 15:18 - 2014-06-30 15:17 - 00000000 ____D () C:\Program Files\Intel
2014-06-30 15:17 - 2014-06-30 15:17 - 00000000 ____D () C:\ProgramData\Package Cache
2014-06-25 19:18 - 2009-07-14 13:20 - 00000000 ___RD () C:\Users\Public\Recorded TV
2014-06-25 07:38 - 2012-03-31 22:17 - 00000000 ____D () C:\Users\Joe\Desktop\Bachelor-Thesis
2014-06-23 18:28 - 2014-06-23 18:28 - 00000000 ____D () C:\ProgramData\Gibraltar
2014-06-23 18:28 - 2014-06-23 18:24 - 00000000 ____D () C:\Users\Joe\AppData\Roaming\Swiss Academic Software
2014-06-23 18:25 - 2014-06-23 18:25 - 00000000 ____D () C:\Users\Joe\AppData\Local\Swiss Academic Software
2014-06-23 18:22 - 2014-06-23 18:21 - 00000000 ____D () C:\ProgramData\Swiss Academic Software
2014-06-23 18:21 - 2014-06-23 18:21 - 00001909 _____ () C:\Users\Public\Desktop\Citavi 4.lnk
2014-06-23 18:21 - 2014-06-23 18:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Citavi 4
2014-06-23 18:21 - 2014-06-23 18:20 - 00000000 ____D () C:\Program Files (x86)\Citavi 4
2014-06-23 18:18 - 2013-09-12 16:34 - 00000000 ____D () C:\Users\Joe\AppData\Local\Downloaded Installations
2014-06-23 18:15 - 2014-06-23 18:14 - 88342536 _____ (Swiss Academic Software) C:\Users\Joe\Downloads\Citavi4Setup.exe
2014-06-20 00:43 - 2012-02-15 16:04 - 00004100 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-06-20 00:43 - 2012-02-15 16:04 - 00003848 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-06-17 11:18 - 2014-01-08 00:17 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2014-06-15 23:17 - 2014-01-08 09:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2014-06-15 23:16 - 2013-10-21 07:55 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-06-13 20:26 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2014-06-13 18:33 - 2012-06-24 20:37 - 00000000 ____D () C:\Users\Joe\AppData\Roaming\dvdcss
2014-06-12 21:05 - 2014-06-12 21:05 - 00046376 _____ (NetFilterSDK.com) C:\Windows\system32\Drivers\netfilter64.sys
2014-06-12 00:03 - 2013-08-14 20:59 - 00000000 ____D () C:\Windows\system32\MRT
2014-06-12 00:00 - 2012-01-07 01:54 - 95414520 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-06-11 23:56 - 2014-05-06 11:20 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-06-11 12:46 - 2014-02-13 00:09 - 00000000 ____D () C:\Users\Joe\Desktop\Programme
2014-06-11 12:45 - 2011-07-16 00:56 - 00000000 ____D () C:\Users\Joe\Desktop\Games
2014-06-11 12:44 - 2012-01-15 23:35 - 00000000 ____D () C:\Users\Joe\Desktop\FH
2014-06-08 11:13 - 2014-06-11 19:25 - 00506368 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-06-08 11:08 - 2014-06-11 19:25 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-06-03 23:01 - 2013-08-08 00:27 - 00130584 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2014-06-03 14:53 - 2014-06-03 14:53 - 00000000 ____D () C:\Users\Joe\AppData\Local\Adobe
2014-06-02 23:42 - 2012-07-10 10:05 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-06-02 23:42 - 2012-06-23 17:44 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-06-02 23:42 - 2011-07-15 19:14 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
ZeroAccess:
C:\Program Files (x86)\Google\Desktop\Install

Files to move or delete:
====================
C:\ProgramData\8ztlfw3.bxx
C:\ProgramData\8ztlfw3.fvv


Some content of TEMP:
====================
C:\Users\Joe\AppData\Local\Temp\avgnt.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-06-28 00:51

==================== End Of Log ============================

--- --- ---

--- --- ---

Oh, sorry. Ähm was ist das?

Alte backups? solange jetzt alles save ist... raus damit!

deeprybka · 02.07.2014, 18:03

Nö, das sind Proxyeinstellungen....

Schritt 1

Drücke bitte die

+ R Taste und schreibe notepad in das Ausführen Fenster.
Klicke auf OK und kopiere nun den Text aus der Codebox in das leere Textdokument:

Code:

ATTFilter

GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://startsear.ch/?aff=1&src=sp&cf=1ffc10a6-3ece-11e1-98fe-40618616ae65&q={searchTerms}
SearchScopes: HKCU - {8C48B540-8632-4590-860D-52EA3B8FA5D0} URL = hxxp://searchya.com/?chnl=ft-102&s=1&cr=1723402304&cd=2XzutAtN2Y1L1QzuyEtDyCtCzzyCtCyC0A0EyCyDyC0B0FtCyBtN0D0TzutBtDtCtBtDtAtDtB&q={searchTerms}
FF NewTab: chrome://quick_start/content/index.html
FF NetworkProxy: "backup.ftp", "		23.241.35.39"
FF NetworkProxy: "backup.ftp_port", 30721
FF NetworkProxy: "backup.socks", "		23.241.35.39"
FF NetworkProxy: "backup.socks_port", 30721
FF NetworkProxy: "backup.ssl", "		23.241.35.39"
FF NetworkProxy: "backup.ssl_port", 30721
FF NetworkProxy: "ftp", "	97.80.60.62"
FF NetworkProxy: "ftp_port", 25628
FF NetworkProxy: "share_proxy_settings", true
FF NetworkProxy: "socks", "	97.80.60.62"
FF NetworkProxy: "socks_port", 25628
FF NetworkProxy: "ssl", "	97.80.60.62"
FF NetworkProxy: "ssl_port", 25628
ZeroAccess:
C:\Program Files (x86)\Google\Desktop\Install
C:\ProgramData\8ztlfw3.bxx
C:\ProgramData\8ztlfw3.fvv

Speichere dieses bitte als Fixlist.txt in das Verzeichnis ab, in dem sich auch die FRST-Anwendung befindet.

Starte FRST und drücke auf den Fix-Button.
Das Tool erstellt eine "Fixlog.txt" -Datei.
Poste mir bitte deren Inhalt.

Schritt 2

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Schritt 3

Bitte starte FRST erneut, markiere auch die checkbox

und drücke auf Scan.
Bitte poste mir den Inhalt der beiden Logs die erstellt werden.

Joe04 · 02.07.2014, 19:21

Fixlog:

Code:

ATTFilter

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 01-07-2014
Ran by Joe at 2014-07-02 19:15:28 Run:1
Running from C:\Users\Joe\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://startsear.ch/?aff=1&src=sp&cf=1ffc10a6-3ece-11e1-98fe-40618616ae65&q={searchTerms}
SearchScopes: HKCU - {8C48B540-8632-4590-860D-52EA3B8FA5D0} URL = hxxp://searchya.com/?chnl=ft-102&s=1&cr=1723402304&cd=2XzutAtN2Y1L1QzuyEtDyCtCzzyCtCyC0A0EyCyDyC0B0FtCyBtN0D0TzutBtDtCtBtDtAtDtB&q={searchTerms}
FF NewTab: chrome://quick_start/content/index.html
FF NetworkProxy: "backup.ftp", "		23.241.35.39"
FF NetworkProxy: "backup.ftp_port", 30721
FF NetworkProxy: "backup.socks", "		23.241.35.39"
FF NetworkProxy: "backup.socks_port", 30721
FF NetworkProxy: "backup.ssl", "		23.241.35.39"
FF NetworkProxy: "backup.ssl_port", 30721
FF NetworkProxy: "ftp", "	97.80.60.62"
FF NetworkProxy: "ftp_port", 25628
FF NetworkProxy: "share_proxy_settings", true
FF NetworkProxy: "socks", "	97.80.60.62"
FF NetworkProxy: "socks_port", 25628
FF NetworkProxy: "ssl", "	97.80.60.62"
FF NetworkProxy: "ssl_port", 25628
ZeroAccess:
C:\Program Files (x86)\Google\Desktop\Install
C:\ProgramData\8ztlfw3.bxx
C:\ProgramData\8ztlfw3.fvv
*****************

C:\Windows\system32\GroupPolicy\Machine => Moved successfully.
C:\Windows\system32\GroupPolicy\GPT.ini => Moved successfully.
'HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}' => Key deleted successfully.
'HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}'=> Key not found.
'HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{8C48B540-8632-4590-860D-52EA3B8FA5D0}' => Key deleted successfully.
'HKCR\CLSID\{8C48B540-8632-4590-860D-52EA3B8FA5D0}'=> Key not found.
Firefox newtab deleted successfully.
Firefox Proxy settings were reset.
Firefox Proxy settings were reset.
Firefox Proxy settings were reset.
Firefox Proxy settings were reset.
Firefox Proxy settings were reset.
Firefox Proxy settings were reset.
Firefox Proxy settings were reset.
Firefox Proxy settings were reset.
Firefox Proxy settings were reset.
Firefox Proxy settings were reset.
Firefox Proxy settings were reset.
Firefox Proxy settings were reset.
Firefox Proxy settings were reset.
C:\Program Files (x86)\Google\Desktop\Install => Moved successfully.
C:\ProgramData\8ztlfw3.bxx => Moved successfully.
C:\ProgramData\8ztlfw3.fvv => Moved successfully.


The system needed a reboot. 

==== End of Fixlog ====

Win7 64bit "Windows Version installer, Continue VuuPC Installation, MyPC Backup, Advanced System Protector,..."

Log-Analyse und Auswertung: Win7 64bit "Windows Version installer, Continue VuuPC Installation, MyPC Backup, Advanced System Protector,..."