Log analysis and evaluation: Virus Application.SearchProtect.J (EngineA)

 
14.07.2014, 01:05   #3
Löwe1
 
Virus Application.SearchProtect.J (EngineA)



Hi Matthias,
here is the result from AdwCleaner:
AdwCleaner Logfile:
Code:
# AdwCleaner v3.215 - Bericht erstellt am 11/07/2014 um 01:37:19
# Aktualisiert 09/07/2014 von Xplode
# Betriebssystem : Windows 7 Professional Service Pack 1 (64 bits)
# Benutzername : Gnuj - PC01
# Gestartet von : C:\Users\Gnuj\Desktop\adwcleaner_3.215.exe
# Option : Löschen

***** [ Dienste ] *****

Dienst Gelöscht : CltMngSvc

***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\ProgramData\simplitec
Ordner Gelöscht : C:\Program Files (x86)\Babylon
Ordner Gelöscht : C:\Program Files (x86)\SearchProtect
Ordner Gelöscht : C:\Program Files\Babylon
Ordner Gelöscht : C:\Users\Gnuj\AppData\Local\SearchProtect
Ordner Gelöscht : C:\Users\Gnuj\AppData\Roaming\simplitec
Ordner Gelöscht : C:\Users\Gnuj\Documents\Updater
Datei Gelöscht : C:\END
Datei Gelöscht : C:\Users\Gnuj\AppData\Roaming\Mozilla\Firefox\Profiles\rd42lxr8.default\searchplugins\11-suche.xml
Datei Gelöscht : C:\Users\Gnuj\AppData\Roaming\Mozilla\Firefox\Profiles\rd42lxr8.default\searchplugins\trovi-search.xml

***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Wert Gelöscht : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [ocr@babylon.com]
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\BabylonHelper.EXE
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Prod.cap
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\S
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\Babylon_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\Babylon_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{6536801B-F50C-449B-9476-093DFD3789E3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{947217BD-E967-400A-B14A-BA851A8EDCBB}
Schlüssel Gelöscht : HKLM\Software\SearchProtect
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect
Daten Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll
Daten Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll

***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.17207

Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]

-\\ Mozilla Firefox v30.0 (de)

[ Datei : C:\Users\Gnuj\AppData\Roaming\Mozilla\Firefox\Profiles\rd42lxr8.default\prefs.js ]

Zeile gelöscht : user_pref("browser.newtab.url", "hxxp://www.trovi.com/?gd=&ctid=CT3325163&octid=EB_ORIGINAL_CTID&ISID=M5DFD407C-4471-4486-8A89-6F886B0BE74B&SearchSource=69&CUI=&SSPV=&Lay=1&UM=5&UP=SP150F9C7C-2EB6-456[...]
Zeile gelöscht : user_pref("browser.search.defaultenginename", "Trovi search");
Zeile gelöscht : user_pref("browser.search.selectedEngine", "Trovi search");

-\\ Google Chrome v35.0.1916.153

[ Datei : C:\Users\Gnuj\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Gelöscht [Search Provider] : hxxp://de.ask.com/web?q={searchTerms}
Gelöscht [Search Provider] : hxxp://www.trovi.com/Results.aspx?gd=&ctid=CT3325163&octid=EB_ORIGINAL_CTID&ISID=M5DFD407C-4471-4486-8A89-6F886B0BE74B&SearchSource=58&CUI=&UM=5&UP=SP150F9C7C-2EB6-4561-AC53-5D58F16B3AA3&q={searchTerms}&SSPV=
Gelöscht [Startup_urls] : hxxp://www.trovi.com/?gd=&ctid=CT3325163&octid=EB_ORIGINAL_CTID&ISID=M5DFD407C-4471-4486-8A89-6F886B0BE74B&SearchSource=55&CUI=&UM=5&UP=SP150F9C7C-2EB6-4561-AC53-5D58F16B3AA3&SSPV=
Gelöscht [Homepage] : hxxp://www.trovi.com/?gd=&ctid=CT3325163&octid=EB_ORIGINAL_CTID&ISID=M5DFD407C-4471-4486-8A89-6F886B0BE74B&SearchSource=55&CUI=&UM=5&UP=SP150F9C7C-2EB6-4561-AC53-5D58F16B3AA3&SSPV=

*************************

AdwCleaner[R0].txt - [4074 octets] - [10/07/2014 18:41:34]
AdwCleaner[S0].txt - [3813 octets] - [11/07/2014 01:37:19]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [3873 octets] ##########
         
--- --- ---


here is the result from AdwCleaner:
Code:
 
 Malwarebytes Anti-Malware 
www.malwarebytes.org

Suchlauf Datum: 11.07.2014
Suchlauf-Zeit: 08:42:08
Logdatei: Malwarebytes_Protokoll.txt
Administrator: Ja

Version: 2.00.2.1012
Malware Datenbank: v2014.07.11.03
Rootkit Datenbank: v2014.07.09.01
Lizenz: Testversion
Malware Schutz: Aktiviert
Bösartiger Webseiten Schutz: Aktiviert
Self-protection: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: Gnuj

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 399552
Verstrichene Zeit: 17 Min, 38 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristics: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registrierungsschlüssel: 6
Trojan.Agent, HKU\S-1-5-21-3819896947-3942532061-1754202372-1137-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\Math Problem Solver, In Quarantäne, [e45bbee07902b284401db0a06b95eb15], 
PUP.Optional.SearchProtect.A, HKU\S-1-5-21-3819896947-3942532061-1754202372-1137-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Conduit_Search_Protect, In Quarantäne, [f54a9b0359229a9cd441a76d2fd5c040], 
PUP.Optional.CrossRider.A, HKU\S-1-5-21-3819896947-3942532061-1754202372-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\Crossrider, In Quarantäne, [56e9d0cedc9f77bffc7720e9d331e41c], 
PUP.Optional.GiantSavings.A, HKU\S-1-5-21-3819896947-3942532061-1754202372-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\Giant Savings, In Quarantäne, [43fc95092655fe3826d0838ecb3920e0], 
PUP.Optional.CrossRider.A, HKU\S-1-5-21-461855047-3276940578-3894841063-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\Crossrider, In Quarantäne, [fb44108e90eb0432383b63a6f3112cd4], 
PUP.Optional.GiantSavings.A, HKU\S-1-5-21-461855047-3276940578-3894841063-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\Giant Savings, In Quarantäne, [d669138b8eed6acca45224ed030104fc], 

Registrierungswerte: 0
(No malicious items detected)

Registrierungsdaten: 0
(No malicious items detected)

Ordner: 0
(No malicious items detected)

Dateien: 21
PUP.Optional.Smart, C:\Downloads\free_vlc_player_setup.exe, In Quarantäne, [a996a6f880fb38fe096711fe2ed324dc], 
PUP.Optional.Conduit.A, C:\Users\Gnuj\AppData\Local\Temp\nsdB7F.exe, In Quarantäne, [221df3ab0477bc7af918672220e11ae6], 
PUP.Optional.Conduit.A, C:\Users\Gnuj\AppData\Local\Temp\nsiBED0.exe, In Quarantäne, [3b043c62cfac4ee84cc56029cc3530d0], 
PUP.Optional.SearchProtect.A, C:\Users\Gnuj\AppData\Local\Temp\SPSetup.exe, In Quarantäne, [a49b415d17640d2980b66f2451b0a858], 
PUP.Optional.Conduit.A, C:\Users\Gnuj\AppData\Local\Temp\nsnC160.exe, In Quarantäne, [ae910b93c8b38fa7ac656f1a758cef11], 
PUP.Optional.Conduit.A, C:\Users\Gnuj\AppData\Local\Temp\nsnC3D1.exe, In Quarantäne, [320d1f7f4b30f24465acf99020e17789], 
PUP.Optional.Conduit.A, C:\Users\Gnuj\AppData\Local\Temp\nssDB1.exe, In Quarantäne, [7fc016882b5075c140d10c7d38c9fa06], 
PUP.Optional.Conduit.A, C:\Users\Gnuj\AppData\Local\Temp\nsyFF4.exe, In Quarantäne, [16299d017605ed493bd61e6be21f7c84], 
PUP.Optional.SearchProtect.A, c:\Users\Gnuj\AppData\Local\Temp\search_protect_non_google.exe, In Quarantäne, [36090698c7b4e94d9d5efe89659c9868], 
PUP.Optional.SearchProtect.A, C:\Users\Gnuj\AppData\Local\Temp\Search_Protect_non_Google_setup.exe, In Quarantäne, [3b04c1ddabd0092d99625730976a27d9], 
PUP.Optional.Babylon.A, C:\Users\Gnuj\AppData\Local\Temp\EAFD62E1-BAB0-7891-93FF-378BC2899CA3\MntrDLLInstall.dll, In Quarantäne, [300f2975017a241299754ad616eb32ce], 
PUP.Optional.SearchProtect.A, C:\Users\Gnuj\AppData\Local\Temp\nshA4AA\SpSetup.exe, In Quarantäne, [a59a9fffc0bb53e3f93d751e18e9c13f], 
PUP.Optional.Conduit.A, C:\Windows\Temp\nsdB34B.exe, In Quarantäne, [e45babf3156676c060b1494045bc48b8], 
PUP.Optional.Conduit.A, C:\Windows\Temp\nsf8C2.exe, In Quarantäne, [1c23d9c5e19a91a5ba57dcad80819b65], 
PUP.Optional.Conduit.A, C:\Windows\Temp\nslE04C.exe, In Quarantäne, [310ef7a7dc9fb581bd542069b54cac54], 
PUP.Optional.Conduit.A, C:\Windows\Temp\nspE691.exe, In Quarantäne, [152a0b9359223ff7c24ff39629d8867a], 
PUP.Optional.Conduit.A, C:\Windows\Temp\nsqC108.exe, In Quarantäne, [6ad5009e1e5d88ae3ad784059c653dc3], 
PUP.Optional.Conduit.A, C:\Windows\Temp\nstCBBC.exe, In Quarantäne, [3f0027773c3f37ff9e738cfd50b101ff], 
PUP.Optional.Babylon.A, C:\Users\Gnuj\Downloads\Babylon1002_setup.exe, In Quarantäne, [60dfb7e747340b2b7074d3397f82867a], 
PUP.Optional.Smart, C:\Users\Gnuj\Downloads\free_vlc_player_setup.exe, In Quarantäne, [db64cdd1dc9f23134c248986e02135cb], 
Trojan.Agent, C:\Users\Gnuj\AppData\Local\Math Problem Solver\Uninstall.exe, In Quarantäne, [e45bbee07902b284401db0a06b95eb15], 

Physische Sektoren: 0
(No malicious items detected)

(end)
         

here is the result from zoek:
However, I am not sure whether I had switched off the virus scanner!
Code:
 
Zoek.exe v5.0.0.0 Updated 13-July-2014
Tool run by Gnuj on 13.07.2014 at 20:46:47,21.
Microsoft Windows 7 Professional  6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Gnuj\Desktop\zoek.exe [Scan all users] [Script inserted] 

==== System Restore Info ======================

13.07.2014 20:52:30 Zoek.exe System Restore Point Created Succesfully.

==== Deleting CLSID Registry Keys ======================


==== Deleting CLSID Registry Values ======================


==== Deleting Services ======================

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\vToolbarUpdater12.2.0 deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\vToolbarUpdater12.2.0 deleted successfully

==== FireFox Fix ======================

Deleted from C:\Users\ADMINI~1\AppData\Roaming\Haufe Mediengruppe\iDesk Browser\Profiles\jpxncztd.default\prefs.js:

Added to C:\Users\ADMINI~1\AppData\Roaming\Haufe Mediengruppe\iDesk Browser\Profiles\jpxncztd.default\prefs.js:
user_pref("browser.startup.homepage", "hxxp://www.google.com");
user_pref("browser.search.defaulturl", "hxxp://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.newtab.url", "hxxp://www.google.com/");
user_pref("browser.search.defaultengine", "Google");
user_pref("browser.search.defaultenginename", "Google");
user_pref("browser.search.selectedEngine", "Google");
user_pref("browser.search.order.1", "Google");
user_pref("keyword.URL", "hxxp://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.search.suggest.enabled", true);
user_pref("browser.search.useDBForOrder", true);

Deleted from C:\Users\Gnuj\AppData\Roaming\Haufe Mediengruppe\iDesk Browser\Profiles\wcdi641c.default\prefs.js:

Added to C:\Users\Gnuj\AppData\Roaming\Haufe Mediengruppe\iDesk Browser\Profiles\wcdi641c.default\prefs.js:
user_pref("browser.startup.homepage", "hxxp://www.google.com");
user_pref("browser.search.defaulturl", "hxxp://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.newtab.url", "hxxp://www.google.com/");
user_pref("browser.search.defaultengine", "Google");
user_pref("browser.search.defaultenginename", "Google");
user_pref("browser.search.selectedEngine", "Google");
user_pref("browser.search.order.1", "Google");
user_pref("keyword.URL", "hxxp://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.search.suggest.enabled", true);
user_pref("browser.search.useDBForOrder", true);

Deleted from C:\Users\Gnuj\AppData\Roaming\Mozilla\Firefox\Profiles\rd42lxr8.default\prefs.js:
user_pref("browser.startup.homepage", "https://www.google.de/|hxxp://www.goldseiten.de/content/kurse/edelmetalle_gold.php|hxxp://www.goldseiten.de/content/kurse/edelmetalle_silber.php");
user_pref("browser.search.useDBForOrder", true);

Added to C:\Users\Gnuj\AppData\Roaming\Mozilla\Firefox\Profiles\rd42lxr8.default\prefs.js:
user_pref("browser.startup.homepage", "hxxp://www.google.com");
user_pref("browser.search.defaulturl", "hxxp://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.newtab.url", "hxxp://www.google.com/");
user_pref("browser.search.defaultengine", "Google");
user_pref("browser.search.defaultenginename", "Google");
user_pref("browser.search.selectedEngine", "Google");
user_pref("browser.search.order.1", "Google");
user_pref("keyword.URL", "hxxp://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.search.suggest.enabled", true);
user_pref("browser.search.useDBForOrder", true);

Deleted from C:\Users\Gnuj\AppData\Roaming\Thunderbird\Profiles\n2ljjdzo.default\prefs.js:

Added to C:\Users\Gnuj\AppData\Roaming\Thunderbird\Profiles\n2ljjdzo.default\prefs.js:
user_pref("browser.startup.homepage", "hxxp://www.google.com");
user_pref("browser.search.defaulturl", "hxxp://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.newtab.url", "hxxp://www.google.com/");
user_pref("browser.search.defaultengine", "Google");
user_pref("browser.search.defaultenginename", "Google");
user_pref("browser.search.selectedEngine", "Google");
user_pref("browser.search.order.1", "Google");
user_pref("keyword.URL", "hxxp://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.search.suggest.enabled", true);
user_pref("browser.search.useDBForOrder", true);

Deleted from C:\Users\Gnuj\AppData\Roaming\Thunderbird_Test_loeschen\Profiles\xe67slhm.default\prefs.js:

Added to C:\Users\Gnuj\AppData\Roaming\Thunderbird_Test_loeschen\Profiles\xe67slhm.default\prefs.js:
user_pref("browser.startup.homepage", "hxxp://www.google.com");
user_pref("browser.search.defaulturl", "hxxp://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.newtab.url", "hxxp://www.google.com/");
user_pref("browser.search.defaultengine", "Google");
user_pref("browser.search.defaultenginename", "Google");
user_pref("browser.search.selectedEngine", "Google");
user_pref("browser.search.order.1", "Google");
user_pref("keyword.URL", "hxxp://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.search.suggest.enabled", true);
user_pref("browser.search.useDBForOrder", true);

==== Deleting Files \ Folders ======================

C:\PROGRA~3\{A8DA1505-E615-42BB-BB77-74D5CC91FE7E} deleted
C:\PROGRA~2\COMMON~1\DVDVideoSoft\bin deleted
C:\PROGRA~3\Package Cache deleted
C:\Users\Gnuj\AppData\Local\Lollipop_05290822 deleted
C:\Users\Gnuj\Downloads\DownloadManagerSetup.exe deleted
C:\Users\Gnuj\Searches deleted
C:\Windows\sysWoW64\config\systemprofile\AppData\LocalLow\Toolbar4 deleted
C:\Windows\SysNative\config\systemprofile\Searches deleted
"C:\Windows\Installer\8b4734.msi" deleted
"C:\Windows\Installer\2155db9.msi" deleted
"C:\Windows\Installer\8b473a.msi" deleted
"C:\ProgramData\ckpgxccjdmbsnlv" deleted
"C:\Users\Gnuj\AppData\Roaming\DVASSV" deleted

==== Firefox Extensions ======================

ProfilePath: C:\Users\Gnuj\AppData\Roaming\Mozilla\Firefox\Profiles\rd42lxr8.default
- PDF Converter 7.0 - %ProfilePath%\extensions\nuance@pdf7
- WEB.DE MailCheck - %ProfilePath%\extensions\toolbar@web.de
- Adblock Plus - %ProfilePath%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi

ProfilePath: C:\Users\Gnuj\AppData\Roaming\Thunderbird\Profiles\n2ljjdzo.default
- Manually Sort Folders - %ProfilePath%\extensions\tbsortfolders@xulforum.org.xpi

ProfilePath: C:\Users\Gnuj\AppData\Roaming\Thunderbird_Test_loeschen\Profiles\xe67slhm.default
- Instrument Test - %ProfilePath%\extensions\tbtestpilot@labs.mozilla.com.xpi

AppDir: C:\Program Files (x86)\Mozilla Firefox
- TrueSuite Website Logon - %AppDir%\extensions\websitelogon@truesuite.com
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================

Profilepath: C:\Users\Gnuj\AppData\Roaming\Mozilla\Firefox\Profiles\rd42lxr8.default
4390CCD3790F8D9C427C0C29590C62D7	- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll -	Shockwave Flash
4648317AB63EE5EC78D02757518E54B2	- C:\Vetad\PROGRAMM\A0000015\npdvbm.dll -	Vetad Bestell-Manager Plug-in


==== Chrome Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
bdgpjclefcppbhifgmbncakhhphkggdb - C:\ProgramData\AVG Secure Search\ChromeExt\12.2.0.5\avg.crx[]
dfaldikcoaplhepekpbngkepfcoiihef - C:\Program Files (x86)\HP SimplePass 2011\tschrome.crx[22.08.2011 14:50]

Docs - Gnuj\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake
Website Logon - Gnuj\AppData\Local\Google\Chrome\User Data\Default\Extensions\dfaldikcoaplhepekpbngkepfcoiihef

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="hxxp://www.google.com"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
No DefaultScope Set For HKCU

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="hxxp://www.google.com"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing  Url="hxxp://www.bing.com/search?q={searchTerms}&form=CMDTDF&pc=CMDTDF&src=IE-SearchBox"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google  Url="hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}"

==== Reset Google Chrome ======================

C:\Users\Gnuj\AppData\Local\Google\Chrome\User Data\Default\preferences was reset successfully
C:\Users\Gnuj\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully

==== Reset IE Proxy ======================

Value(s) before fix:
"ProxyEnable"=dword:00000000

Value(s) after fix:
"ProxyEnable"=dword:00000000

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\ECAEC4DD91B8C1B4EA28EDF05C87D7C4 deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\F60730A4A66673047777F5728467D401 deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\482AA67AD25E6E74E9F48BD5FBE8533C deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\bdgpjclefcppbhifgmbncakhhphkggdb deleted successfully
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{DD4CEACE-8B19-4B1C-AE82-DE0FC5787D4C} deleted successfully
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{4A03706F-666A-4037-7777-5F2748764D10} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\ECAEC4DD91B8C1B4EA28EDF05C87D7C4 deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\F60730A4A66673047777F5728467D401 deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds deleted successfully

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Gnuj\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Gnuj\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================

C:\Users\Gnuj\AppData\Local\Mozilla\Firefox\Profiles\rd42lxr8.default\Cache emptied successfully

==== Empty Chrome Cache ======================

C:\Users\Gnuj\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=822 folders=49 2131335864 bytes)

==== Empty Temp Folders ======================

C:\Users\Admin\AppData\Local\temp emptied successfully
C:\Users\Administrator\AppData\Local\temp emptied successfully
C:\Users\Default\AppData\Local\temp emptied successfully
C:\Users\Default User\AppData\Local\temp emptied successfully
C:\Users\Gnuj\AppData\Local\Temp will be emptied at reboot
C:\Users\Public\AppData\Local\temp emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\Gnuj\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== EOF on 14.07.2014 at  0:49:36,03 ======================
         
here is FRST (new)

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 14-07-2014
Ran by Gnuj (administrator) on PC01 on 14-07-2014 01:08:54
Running from C:\Users\Gnuj\Desktop
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(HP) C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe
(G Data Software AG) C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe
(G Data Software AG) C:\Program Files (x86)\G Data\AVK\AVK_64.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieSvc.exe
(Vetad eG) C:\Vetad\SYSTEM\Vetad.Framework.RemoteServiceModel.GenericService2010.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
(G Data Software AG) C:\Program Files (x86)\G Data\AVK\AVK.exe
(G Data Software AG) C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe
(G Data Software AG) C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKBap64.exe
(Vetad eG) C:\Vetad\PROGRAMM\Install\DvInesASDSvc.Exe
(Vetad eG) C:\Vetad\SYSTEM\Vetad.Framework.RemoteServiceModel.GenericService2010.exe
(Vetad eG) C:\Vetad\PROGRAMM\B0001442\PSNTServ.exe
(Vetad eG) C:\Vetad\PROGRAMM\B0000150\ScServer\DVckService.exe
(Firebird Project) C:\Program Files\Firebird\Firebird_2_1\bin\fbguard.exe
(SafeNet Inc.) C:\Windows\System32\hasplms.exe
() C:\Program Files (x86)\Efuah\iDesk\iDeskService\ideskservice.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
(KOBIL Systems GmbH) C:\Vetad\PROGRAMM\B0000404\msdisrv.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe
(Efuah Mediengruppe) C:\Program Files (x86)\Efuah\iDesk\iDeskService\ideskpython.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PDF Professional 7\PDFProFiltSrv.exe
(Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
(Vetad eG) C:\Vetad\PROGRAMM\B0000398\SiPaHostService.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(AMD) C:\Windows\System32\atieclxx.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe
(HP) C:\Program Files (x86)\HP SimplePass 2011\TouchControl.exe
(HP) C:\Program Files (x86)\HP SimplePass 2011\BioMonitor.exe
(Vetad eG) C:\Vetad\PROGRAMM\Install\DvInesASDMon.Exe
(Vetad eG) C:\Vetad\SYSTEM\Vetad.Framework.RemoteServiceModel.GenericService2010.exe
(Firebird Project) C:\Program Files\Firebird\Firebird_2_1\bin\fbserver.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(InterVideo) C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Acresso Corporation) C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieCtrl.exe
(G Data Software AG) C:\Program Files (x86)\G Data\AVK\AVK.exe
() C:\Vetad\PROGRAMM\A0000007\DHNC.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PDF Professional 7\PdfPro7Hook.exe
(Vetad eG) C:\Vetad\SYSTEM\RzpjWtch.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Brother\ControlCenter3\BrccMCtl.exe
(Vetad eG) C:\Vetad\PROGRAMM\RZKOMM\Vetad.CC.Processes.Cmd.exe
(Vetad eG) C:\Vetad\PROGRAMM\B0000398\SiPaHost.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Lotus Development Corporation) C:\lotus\organize\easyclip6.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconCL.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Corporation) C:\Windows\splwow64.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11660904 2010-11-30] (Realtek Semiconductor)
HKLM\...\Run: [ApplyEsf-eDocPrintPro] => C:\Program Files\Common Files\MAYComputer\eDocPrintPro\ApplyEsf.exe [443392 2013-04-01] (May Software)
HKLM-x32\...\Run: [IMSS] => C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe [112152 2011-01-17] (Intel Corporation)
HKLM-x32\...\Run: [AVK CL] => C:\Program Files (x86)\G Data\AVK\AVK.exe [1800696 2012-02-28] (G Data Software AG)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [PDFHook] => C:\Program Files (x86)\Nuance\PDF Professional 7\pdfpro7hook.exe [1275168 2010-10-16] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PDF7 Registry Controller] => C:\Program Files (x86)\Nuance\PDF Professional 7\RegistryController.exe [121120 2010-10-16] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [636032 2012-03-09] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [AMD AVT] => C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe [10752 2012-01-31] ()
HKLM-x32\...\Run: [BrMfcWnd] => C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe [1159168 2009-05-26] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [ControlCenter3] => C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe [114688 2008-12-24] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [Vetad.CC.ControllerUserMode] => C:\Vetad\PROGRAMM\RZKOMM\Vetad.CC.Processes.Cmd.exe [32808 2013-12-23] (Vetad eG)
HKLM-x32\...\Run: [Vetad.CC.Clear] => C:\Vetad\PROGRAMM\RZKOMM\Vetad.CC.Processes.Cmd.exe [32808 2013-12-23] (Vetad eG)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM-x32\...\Run: [SiPaHost] => C:\Vetad\PROGRAMM\B0000398\SiPaHost.exe [556584 2013-03-21] (Vetad eG)
HKLM\...\RunOnce: [NCPluginUpdater] - "C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" Update [21720 2014-06-27] (Hewlett-Packard)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [NoWelcomeScreen] 1
HKU\S-1-5-21-3819896947-3942532061-1754202372-1137\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe [222496 2009-05-05] (Acresso Corporation)
HKU\S-1-5-21-3819896947-3942532061-1754202372-1137\...\Run: [SandboxieControl] => C:\Program Files\Sandboxie\SbieCtrl.exe [759496 2014-01-17] (Sandboxie Holdings, LLC)
HKU\S-1-5-21-3819896947-3942532061-1754202372-1137\...\Policies\Explorer: [LinkResolveIgnoreLinkInfo] 1
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Basisschnittstelle Office Initialisierung.lnk
ShortcutTarget: Basisschnittstelle Office Initialisierung.lnk -> C:\Vetad\PROGRAMM\BSoffice\service\OfficeDiag.exe (Vetad eG)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\CleanupPrintJobs.lnk
ShortcutTarget: CleanupPrintJobs.lnk -> C:\Vetad\PROGRAMM\B0001401\CleanupPrintJobs.exe (Vetad eG)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Vetad-Hinweis Mitteilungsdienst.lnk
ShortcutTarget: Vetad-Hinweis Mitteilungsdienst.lnk -> C:\Vetad\PROGRAMM\A0000007\DHNC.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\PhraseExpress.lnk
ShortcutTarget: PhraseExpress.lnk -> C:\Program Files (x86)\PhraseExpress\phraseexpress.exe (Bartels Media GmbH)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\RZ-Druckertreiber V.2.3.lnk
ShortcutTarget: RZ-Druckertreiber V.2.3.lnk -> C:\Vetad\SYSTEM\RzpjWtch.exe (Vetad eG)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SkyUserDevmode-Update.lnk
ShortcutTarget: SkyUserDevmode-Update.lnk -> C:\Vetad\PROGRAMM\B0001401\UpdateDevmode.exe (Vetad eG)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\VR-NetWorld Auftragsprüfung.lnk
ShortcutTarget: VR-NetWorld Auftragsprüfung.lnk -> C:\Program Files (x86)\VR-NetWorld\VRToolCheckOrder.exe (VR-NetWorld Software)
Startup: C:\Users\Gnuj\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk
ShortcutTarget: Adobe Gamma.lnk -> C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
Startup: C:\Users\Gnuj\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Lotus Organizer EasyClip.lnk
ShortcutTarget: Lotus Organizer EasyClip.lnk -> C:\lotus\organize\easyclip6.exe (Lotus Development Corporation)
Startup: C:\Users\Gnuj\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PhraseExpress Diagnose-Modus.lnk
ShortcutTarget: PhraseExpress Diagnose-Modus.lnk -> C:\Program Files (x86)\PhraseExpress\phraseexpress.exe (Bartels Media GmbH)
ShellIconOverlayIdentifiers:  SkyDrive1 -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers:  SkyDrive2 -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers:  SkyDrive3 -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
ShellIconOverlayIdentifiers-x32:  SkyDrive1 -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers-x32:  SkyDrive2 -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers-x32:  SkyDrive3 -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKLM-x32 - DefaultScope value is missing.
SearchScopes: HKCU - DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
BHO: DtvIePwdSafeBHO Class - {6EF6B546-25FB-455B-801F-FDB3B3D39F9E} - C:\Vetad\PROGRAMM\B0000397\DtvIePwdSafe64.dll (Vetad eG)
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: TrueSuite Website Log On - {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2011\x64\IEBHO.dll (HP)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: SCardBHOEvent Class - {AF8CD625-E04A-4A8F-A90A-0C74846C2E30} - C:\Vetad\SYSTEM\DVCCSASCardBHO64002.Dll (Vetad eG)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
BHO-x32: PlusIEEventHelper Class - {551A852F-39A6-44A7-9C13-AFBEC9185A9D} - C:\Program Files (x86)\Nuance\PDF Professional 7\Bin\PlusIEContextMenu.dll (Zeon Corporation)
BHO-x32: DtvIePwdSafeBHO Class - {6EF6B546-25FB-455B-801F-FDB3B3D39F9E} - C:\Vetad\PROGRAMM\B0000397\DtvIePwdSafe.dll (Vetad eG)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: TrueSuite Website Log On - {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2011\IEBHO.dll (HP)
BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: SCardBHOEvent Class - {AF8CD625-E04A-4A8F-A90A-0C74846C2E30} - C:\Vetad\SYSTEM\DVCCSAScardBHO002.dll (Vetad eG)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: ZeonIEEventHelper Class - {DA986D7D-CCAF-47B2-84FE-BFA1549BEBF9} - C:\Program Files (x86)\Nuance\PDF Professional 7\Bin\ZeonIEFavCL.dll (Zeon Corporation)
BHO-x32: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
Toolbar: HKLM-x32 - Nuance PDF - {E3286BF1-E654-42FF-B4A6-5E111731DF6B} - C:\Program Files (x86)\Nuance\PDF Professional 7\Bin\ZeonIEFavCL.dll (Zeon Corporation)
DPF: HKLM {4871A87A-BFDD-4106-8153-FFDE2BAC2967} hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex64-2.2.6.0.cab
DPF: HKLM-x32 {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
DPF: HKLM-x32 {15BE8BEE-4105-4A79-B385-25068AA967DB} hxxp://de1.iradiopop.com/IRD/pages/VBIMDPlayer.CAB
Handler: Efuahreader - No CLSID Value - 
Handler: ipp\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} -  No File
Handler-x32: Efuahreader - No CLSID Value - 
Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: http\oledb - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: https\oledb - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: ipp\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.199.10

FireFox:
========
FF ProfilePath: C:\Users\Gnuj\AppData\Roaming\Mozilla\Firefox\Profiles\rd42lxr8.default
FF NewTab: hxxp://www.google.com/
FF DefaultSearchEngine: Google
FF SearchEngineOrder.1: Google
FF SelectedSearchEngine: Google
FF Homepage: hxxp://www.google.com
FF Keyword.URL: hxxp://www.google.com/search?btnG=Google+Search&q=
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()
FF Plugin: @java.com/DTPlugin,version=10.21.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin-x32: @Vetad.de/Vetad_BestellManager,version=1.7 - C:\Vetad\PROGRAMM\A0000015\npdvbm.dll ( Vetad eG)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: ZEON/PDF,version=2.0 - C:\Program Files (x86)\Nuance\PDF Professional 7\bin\nppdf.dll (Zeon Corporation)
FF SearchPlugin: C:\Users\Gnuj\AppData\Roaming\Mozilla\Firefox\Profiles\rd42lxr8.default\searchplugins\englische-ergebnisse.xml
FF SearchPlugin: C:\Users\Gnuj\AppData\Roaming\Mozilla\Firefox\Profiles\rd42lxr8.default\searchplugins\gmx-suche.xml
FF SearchPlugin: C:\Users\Gnuj\AppData\Roaming\Mozilla\Firefox\Profiles\rd42lxr8.default\searchplugins\lastminute.xml
FF SearchPlugin: C:\Users\Gnuj\AppData\Roaming\Mozilla\Firefox\Profiles\rd42lxr8.default\searchplugins\webde-suche.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: WEB.DE MailCheck - C:\Users\Gnuj\AppData\Roaming\Mozilla\Firefox\Profiles\rd42lxr8.default\Extensions\toolbar@web.de [2014-07-10]
FF Extension: Adblock Plus - C:\Users\Gnuj\AppData\Roaming\Mozilla\Firefox\Profiles\rd42lxr8.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-04-03]
FF Extension: TrueSuite Website Logon - C:\Program Files (x86)\Mozilla Firefox\extensions\websitelogon@truesuite.com [2014-06-23]

Chrome: 
=======
Error reading preferences. Please check "preferences" file for possible corruption. <======= ATTENTION
CHR Extension: (Docs) - C:\Users\Gnuj\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-04-26]
CHR Extension: (Google Drive) - C:\Users\Gnuj\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-04-26]
CHR Extension: (YouTube) - C:\Users\Gnuj\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-04-26]
CHR Extension: (Google Search) - C:\Users\Gnuj\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-04-26]
CHR Extension: (Website Logon) - C:\Users\Gnuj\AppData\Local\Google\Chrome\User Data\Default\Extensions\dfaldikcoaplhepekpbngkepfcoiihef [2013-04-26]
CHR Extension: (Gmail) - C:\Users\Gnuj\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-04-26]
CHR HKLM-x32\...\Chrome\Extension: [dfaldikcoaplhepekpbngkepfcoiihef] - C:\Program Files (x86)\HP SimplePass 2011\tschrome.crx [2011-08-22]

==================== Services (Whitelisted) =================

S3 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2014-05-01] (Adobe Systems) [File not signed]
R2 AntiVirusKit CL; C:\Program Files (x86)\G Data\AVK\AVK.exe [1800696 2012-02-28] (G Data Software AG)
R2 AVKProxy; C:\Program Files (x86)\Common Files\G DATA\AVKProxy\AVKProxy.exe [1501192 2012-02-29] (G Data Software AG)
R2 AVKWCtl; C:\Program Files (x86)\G Data\AVK\AVK_64.exe [2192320 2012-02-28] (G Data Software AG)
R2 Vetad Update-Service; C:\Vetad\PROGRAMM\INSTALL\DvInesASDSvc.Exe [161320 2013-08-02] (Vetad eG)
R2 Vetad.CC.Processes.Hosting.RdtServiceMode; C:\Vetad\SYSTEM\Vetad.Framework.RemoteServiceModel.GenericService2010.exe [7208 2013-12-05] (Vetad eG)
R2 Vetad.Framework.RemoteServiceModel.EnablerService; C:\Vetad\SYSTEM\Vetad.Framework.RemoteServiceModel.GenericService2010.exe [7208 2013-12-05] (Vetad eG)
R3 Vetad.Framework.RemoteServices; C:\Vetad\SYSTEM\Vetad.Framework.RemoteServiceModel.GenericService2010.exe [7208 2013-12-05] (Vetad eG)
S3 Vetad.Irw.ServiceProvider.HostXcut.Server; C:\Vetad\SYSTEM\Vetad.Framework.RemoteServiceModel.GenericService2010.exe [7208 2013-12-05] (Vetad eG)
R2 VetadPrintService; C:\Vetad\PROGRAMM\B0001442\PSNTSERV.EXE [185856 2013-09-02] (Vetad eG) [File not signed]
S4 DBService; C:\Program Files (x86)\Common Files\DATA BECKER Shared\DBService.exe [187456 2012-12-16] (DATA BECKER GmbH & Co KG) [File not signed]
S4 DfueSammlerDienst; C:\Vetad\PROGRAMM\RZKOMM\Vetad.CC.Processes.Session0Host.exe [9256 2013-12-23] ()
R2 DVckService; C:\Vetad\PROGRAMM\B0000150\ScServer\DVckService.exe [2706472 2013-07-26] (Vetad eG)
R2 FirebirdGuardianDefaultInstance; C:\Program Files\Firebird\Firebird_2_1\bin\fbguard.exe [116224 2012-05-18] (Firebird Project) [File not signed]
R3 FirebirdServerDefaultInstance; C:\Program Files\Firebird\Firebird_2_1\bin\fbserver.exe [4035584 2012-05-18] (Firebird Project) [File not signed]
S3 GDBackupSvc; C:\Program Files (x86)\G Data\AVK\AVKBackupService.exe [1498616 2012-02-28] (G Data Software AG)
R3 GDScan; C:\Program Files (x86)\Common Files\G DATA\GDScan\GDScan.exe [459784 2012-02-29] (G Data Software AG)
R2 hasplms; C:\Windows\system32\hasplms.exe [4466120 2013-01-11] (SafeNet Inc.)
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [86528 2012-09-27] (Hewlett-Packard Company) [File not signed]
R2 HRService; C:\Program Files (x86)\Efuah\iDesk\iDeskService\iDeskService.exe [12800 2013-07-03] () [File not signed]
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
R2 KOBIL_MSDI; C:\Vetad\PROGRAMM\B0000404\msdisrv.exe [137736 2013-03-14] (KOBIL Systems GmbH)
R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
R2 PDFProFiltSrv; C:\Program Files (x86)\Nuance\PDF Professional 7\PDFProFiltSrv.exe [134944 2010-10-16] (Nuance Communications, Inc.)
R2 SbieSvc; C:\Program Files\Sandboxie\SbieSvc.exe [187592 2014-01-17] (Sandboxie Holdings, LLC)
R2 Sicherheitspaket-Dienst; C:\Vetad\PROGRAMM\B0000398\SiPaHostService.exe [196136 2013-03-21] (Vetad eG)

==================== Drivers (Whitelisted) ====================

R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [31080 2012-08-11] (AVG Technologies)
R0 GDBehave; C:\Windows\System32\drivers\GDBehave.sys [50552 2012-12-03] (G Data Software AG)
R1 GDMnIcpt; C:\Windows\system32\drivers\MiniIcpt.sys [111992 2012-12-03] (G Data Software AG)
R1 gdwfpcd; C:\Windows\System32\drivers\gdwfpcd64.sys [65912 2012-12-03] (G Data Software AG)
R1 GRD; C:\Windows\system32\drivers\GRD.sys [106648 2012-12-03] (G Data Software)
R2 hardlock; C:\Windows\system32\drivers\hardlock.sys [331144 2013-03-11] (SafeNet Inc.)
R1 HookCentre; C:\Windows\system32\drivers\HookCentre.sys [53112 2012-12-03] (G Data Software AG)
S3 IFCoEMP; C:\Windows\system32\drivers\ifM52x64.sys [339728 2010-08-14] (Intel(R) Corporation)
S3 IFCoEVB; C:\Windows\system32\drivers\ifP52X64.sys [65808 2010-08-14] (Intel(R) Corporation)
S3 KOBCCEX; C:\Windows\System32\drivers\KOBCCEX.sys [25344 2012-01-03] (KOBIL Systems GmbH) [File not signed]
R3 KOBCCID; C:\Windows\System32\drivers\KOBCCID.sys [116864 2012-11-11] (KOBIL Systems GmbH)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-07-14] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation)
S3 pmxdrv; C:\Windows\system32\drivers\pmxdrv.sys [31152 2011-12-09] ()
R3 SbieDrv; C:\Program Files\Sandboxie\SbieDrv.sys [202600 2014-01-17] (Sandboxie Holdings, LLC)
R2 SC_SERV3D; C:\Windows\system32\drivers\d3_kafm.sys [84728 2012-07-03] (Vetad eG)
R0 vidsflt58; C:\Windows\System32\DRIVERS\vsflt58.sys [142944 2012-10-18] (Acronis)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
U0 dmboot; 

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-07-14 01:08 - 2014-07-14 01:08 - 00000000 ____D () C:\Users\Gnuj\Desktop\FRST-OlderVersion
2014-07-14 01:00 - 2014-07-14 01:07 - 00012621 _____ () C:\Users\Gnuj\Desktop\zoek-results_fuer_Forum.txt
2014-07-14 00:59 - 2014-07-14 00:59 - 00012621 _____ () C:\Users\Gnuj\Desktop\zoek-results.txt
2014-07-13 21:16 - 2014-07-13 20:45 - 00024064 _____ () C:\Windows\zoek-delete.exe
2014-07-13 20:52 - 2014-07-14 00:49 - 00012621 _____ () C:\Users\Gnuj\Desktop\zoek-results.log
2014-07-13 20:49 - 2014-07-13 20:49 - 01285120 _____ () C:\Users\Gnuj\Downloads\zoek.exe
2014-07-13 20:45 - 2014-07-13 21:09 - 00000000 ____D () C:\zoek_backup
2014-07-13 20:43 - 2014-05-21 08:36 - 01285120 _____ () C:\Users\Gnuj\Desktop\zoek.exe
2014-07-13 20:41 - 2014-07-13 20:42 - 04095664 _____ () C:\Users\Gnuj\Desktop\zoek.zip
2014-07-11 10:31 - 2014-07-11 10:39 - 00005005 _____ () C:\Users\Gnuj\Desktop\Malwarebytes_Protokoll_fuer_Forum.txt
2014-07-11 10:31 - 2014-07-11 10:31 - 00005005 _____ () C:\Users\Gnuj\Desktop\Malwarebytes_Protokoll.txt
2014-07-11 10:19 - 2012-05-26 18:58 - 00000982 _____ () C:\Users\Gnuj\Desktop\7-Zip File Manager.lnk
2014-07-11 10:03 - 2014-07-11 10:08 - 00003961 _____ () C:\Users\Gnuj\Desktop\AdwCleaner[S0]_fuer_Forum.txt
2014-07-11 08:39 - 2014-07-14 00:58 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-07-11 08:38 - 2014-07-11 08:38 - 00001108 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-07-11 08:38 - 2014-07-11 08:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-07-11 08:38 - 2014-07-11 08:38 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-07-11 08:38 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-07-11 08:38 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-07-11 08:38 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-07-11 08:33 - 2014-07-11 08:36 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Gnuj\Desktop\mbam-setup-2.0.2.1012.exe
2014-07-11 01:44 - 2014-07-11 01:37 - 00003961 _____ () C:\Users\Gnuj\Desktop\AdwCleaner[S0].txt
2014-07-10 18:42 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-07-10 18:41 - 2014-07-11 01:37 - 00000000 ____D () C:\AdwCleaner
2014-07-10 18:35 - 2014-07-10 18:36 - 01348263 _____ () C:\Users\Gnuj\Desktop\adwcleaner_3.215.exe
2014-07-10 18:21 - 2014-07-10 18:21 - 00012578 _____ () C:\Users\Gnuj\Desktop\Addition_fuer_Forum.7z
2014-07-10 17:05 - 2014-07-10 17:31 - 00005628 _____ () C:\Users\Gnuj\Desktop\GMER_fuer_Forum.log
2014-07-10 17:04 - 2014-07-10 17:04 - 00005628 _____ () C:\Users\Gnuj\Desktop\GMER.log
2014-07-10 16:29 - 2014-07-10 16:29 - 00380416 _____ () C:\Users\Gnuj\Desktop\Gmer-19357.exe
2014-07-10 15:56 - 2014-07-10 16:26 - 00061934 _____ () C:\Users\Gnuj\Desktop\Addition_fuer_Forum.txt
2014-07-10 15:55 - 2014-07-10 16:06 - 00054600 _____ () C:\Users\Gnuj\Desktop\FRST_fuer_Forum.txt
2014-07-10 15:22 - 2014-07-10 15:23 - 00062025 _____ () C:\Users\Gnuj\Desktop\Addition.txt
2014-07-10 15:21 - 2014-07-14 01:09 - 00026787 _____ () C:\Users\Gnuj\Desktop\FRST.txt
2014-07-10 15:19 - 2014-07-14 01:09 - 00000000 ____D () C:\FRST
2014-07-10 15:09 - 2014-07-14 01:08 - 02086912 _____ (Farbar) C:\Users\Gnuj\Desktop\FRST64.exe
2014-07-10 10:36 - 2014-07-10 10:37 - 00001619 _____ () C:\DelFix.txt
2014-07-09 10:15 - 2014-06-20 22:14 - 00266424 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-07-09 10:15 - 2014-06-20 21:39 - 00240824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-07-09 10:15 - 2014-06-19 03:39 - 23464448 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-07-09 10:15 - 2014-06-19 03:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-07-09 10:15 - 2014-06-19 03:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-07-09 10:15 - 2014-06-19 02:48 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-07-09 10:15 - 2014-06-19 02:42 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-07-09 10:15 - 2014-06-19 02:42 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-07-09 10:15 - 2014-06-19 02:41 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-07-09 10:15 - 2014-06-19 02:41 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-07-09 10:15 - 2014-06-19 02:32 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-07-09 10:15 - 2014-06-19 02:31 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-07-09 10:15 - 2014-06-19 02:26 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-07-09 10:15 - 2014-06-19 02:24 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-07-09 10:15 - 2014-06-19 02:24 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-07-09 10:15 - 2014-06-19 02:23 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-07-09 10:15 - 2014-06-19 02:16 - 17276416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-07-09 10:15 - 2014-06-19 02:14 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-07-09 10:15 - 2014-06-19 02:09 - 00452608 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-07-09 10:15 - 2014-06-19 01:59 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-07-09 10:15 - 2014-06-19 01:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-07-09 10:15 - 2014-06-19 01:53 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-07-09 10:15 - 2014-06-19 01:51 - 05721088 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-07-09 10:15 - 2014-06-19 01:50 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-07-09 10:15 - 2014-06-19 01:48 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-07-09 10:15 - 2014-06-19 01:39 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-07-09 10:15 - 2014-06-19 01:38 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-07-09 10:15 - 2014-06-19 01:37 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-07-09 10:15 - 2014-06-19 01:36 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-07-09 10:15 - 2014-06-19 01:35 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-07-09 10:15 - 2014-06-19 01:33 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-07-09 10:15 - 2014-06-19 01:32 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-07-09 10:15 - 2014-06-19 01:28 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-07-09 10:15 - 2014-06-19 01:28 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-07-09 10:15 - 2014-06-19 01:27 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-07-09 10:15 - 2014-06-19 01:27 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-07-09 10:15 - 2014-06-19 01:25 - 00442368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-07-09 10:15 - 2014-06-19 01:23 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-07-09 10:15 - 2014-06-19 01:22 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-07-09 10:15 - 2014-06-19 01:12 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-07-09 10:15 - 2014-06-19 01:06 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-07-09 10:15 - 2014-06-19 01:01 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-07-09 10:15 - 2014-06-19 00:59 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-07-09 10:15 - 2014-06-19 00:58 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-07-09 10:15 - 2014-06-19 00:58 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-07-09 10:15 - 2014-06-19 00:52 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-07-09 10:15 - 2014-06-19 00:51 - 13527040 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-07-09 10:15 - 2014-06-19 00:49 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-07-09 10:15 - 2014-06-19 00:46 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-07-09 10:15 - 2014-06-19 00:45 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-07-09 10:15 - 2014-06-19 00:35 - 11742208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-07-09 10:15 - 2014-06-19 00:34 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-07-09 10:15 - 2014-06-19 00:15 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-07-09 10:15 - 2014-06-19 00:13 - 01791488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-07-09 10:15 - 2014-06-19 00:09 - 01139200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-07-09 10:15 - 2014-06-19 00:07 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-07-09 10:03 - 2014-06-30 04:09 - 00519168 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-07-09 10:03 - 2014-06-30 04:04 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-07-09 10:02 - 2014-06-18 04:18 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\osk.exe
2014-07-09 10:02 - 2014-06-18 03:51 - 00646144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\osk.exe
2014-07-09 10:02 - 2014-06-18 03:10 - 03157504 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-07-09 09:57 - 2014-06-06 12:10 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-07-09 09:57 - 2014-06-06 11:44 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-07-09 09:57 - 2014-05-30 10:08 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-07-09 09:57 - 2014-05-30 10:08 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-07-09 09:57 - 2014-05-30 10:08 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-07-09 09:57 - 2014-05-30 10:08 - 00307200 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-07-09 09:57 - 2014-05-30 10:08 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-07-09 09:57 - 2014-05-30 10:08 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-07-09 09:57 - 2014-05-30 10:08 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-07-09 09:57 - 2014-05-30 09:52 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-07-09 09:57 - 2014-05-30 09:52 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-07-09 09:57 - 2014-05-30 09:52 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-07-09 09:57 - 2014-05-30 09:52 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2014-07-09 09:57 - 2014-05-30 09:52 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-07-09 09:57 - 2014-05-30 09:52 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-07-09 09:57 - 2014-05-30 09:52 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-07-09 09:57 - 2014-05-30 08:45 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2014-07-09 09:52 - 2014-06-05 16:45 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-07-09 09:52 - 2014-06-05 16:26 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-07-09 09:52 - 2014-06-05 16:25 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-07-01 13:56 - 2014-07-01 14:06 - 00001283 _____ () C:\Users\Gnuj\Desktop\Word Makro funktionierend.lnk
2014-07-01 09:42 - 2014-07-01 15:27 - 00001283 _____ () C:\Users\Gnuj\Desktop\Word Vetad funktionierend.lnk
2014-06-23 01:11 - 2014-06-23 01:11 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-06-17 07:38 - 2014-06-17 07:38 - 00002311 _____ () C:\Users\Public\Desktop\Efuah Steu  aufrufen.lnk

==================== One Month Modified Files and Folders =======

2014-07-14 01:09 - 2014-07-10 15:21 - 00026787 _____ () C:\Users\Gnuj\Desktop\FRST.txt
2014-07-14 01:09 - 2014-07-10 15:19 - 00000000 ____D () C:\FRST
2014-07-14 01:08 - 2014-07-14 01:08 - 00000000 ____D () C:\Users\Gnuj\Desktop\FRST-OlderVersion
2014-07-14 01:08 - 2014-07-10 15:09 - 02086912 _____ (Farbar) C:\Users\Gnuj\Desktop\FRST64.exe
2014-07-14 01:07 - 2014-07-14 01:00 - 00012621 _____ () C:\Users\Gnuj\Desktop\zoek-results_fuer_Forum.txt
2014-07-14 01:07 - 2012-08-30 00:18 - 00000000 ____D () C:\Users\Gnuj\Documents\PhraseExpress
2014-07-14 00:59 - 2014-07-14 00:59 - 00012621 _____ () C:\Users\Gnuj\Desktop\zoek-results.txt
2014-07-14 00:58 - 2014-07-11 08:39 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-07-14 00:54 - 2009-07-14 06:45 - 00027568 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-07-14 00:54 - 2009-07-14 06:45 - 00027568 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-07-14 00:51 - 2011-12-30 14:49 - 01520330 _____ () C:\Windows\WindowsUpdate.log
2014-07-14 00:49 - 2014-07-13 20:52 - 00012621 _____ () C:\Users\Gnuj\Desktop\zoek-results.log
2014-07-14 00:49 - 2012-08-30 23:53 - 00000000 ____D () C:\ProgramData\TEMP
2014-07-14 00:47 - 2013-04-26 14:26 - 00001102 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-07-14 00:45 - 2012-11-14 18:32 - 00494358 _____ () C:\Windows\PFRO.log
2014-07-14 00:45 - 2012-11-14 18:32 - 00046991 _____ () C:\Windows\setupact.log
2014-07-14 00:45 - 2012-01-03 12:41 - 00000128 _____ () C:\Windows\system32\config\netlogon.ftl
2014-07-14 00:45 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-07-13 23:16 - 2012-11-14 14:59 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-07-13 22:26 - 2013-04-26 14:26 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-07-13 21:09 - 2014-07-13 20:45 - 00000000 ____D () C:\zoek_backup
2014-07-13 21:09 - 2012-01-03 13:06 - 00000000 ____D () C:\Users\Gnuj
2014-07-13 20:49 - 2014-07-13 20:49 - 01285120 _____ () C:\Users\Gnuj\Downloads\zoek.exe
2014-07-13 20:45 - 2014-07-13 21:16 - 00024064 _____ () C:\Windows\zoek-delete.exe
2014-07-13 20:42 - 2014-07-13 20:41 - 04095664 _____ () C:\Users\Gnuj\Desktop\zoek.zip
2014-07-13 20:40 - 2012-11-06 10:41 - 00000000 ____D () C:\Users\Gnuj\Desktop\Debug_PhraseExpress
2014-07-13 20:40 - 2012-08-31 10:57 - 00000000 ____D () C:\Users\Gnuj\AppData\Roaming\BOM
2014-07-13 19:35 - 2011-12-09 00:59 - 00699416 _____ () C:\Windows\system32\perfh007.dat
2014-07-13 19:35 - 2011-12-09 00:59 - 00149556 _____ () C:\Windows\system32\perfc007.dat
2014-07-13 19:35 - 2009-07-14 07:13 - 01620612 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-07-13 10:01 - 2012-12-11 22:56 - 00003180 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForGnuj
2014-07-13 10:01 - 2012-12-11 22:56 - 00000328 _____ () C:\Windows\Tasks\HPCeeScheduleForGnuj.job
2014-07-13 09:19 - 2012-01-03 13:06 - 00003922 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{71AB425F-8084-4EBF-B2D6-CC14F5A5671F}
2014-07-12 00:33 - 2006-01-23 13:41 - 00000000 ____D () C:\ebay
2014-07-11 23:36 - 2012-12-05 22:20 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird
2014-07-11 10:39 - 2014-07-11 10:31 - 00005005 _____ () C:\Users\Gnuj\Desktop\Malwarebytes_Protokoll_fuer_Forum.txt
2014-07-11 10:31 - 2014-07-11 10:31 - 00005005 _____ () C:\Users\Gnuj\Desktop\Malwarebytes_Protokoll.txt
2014-07-11 10:21 - 2012-05-26 18:58 - 00000000 ____D () C:\Program Files (x86)\7-Zip
2014-07-11 10:08 - 2014-07-11 10:03 - 00003961 _____ () C:\Users\Gnuj\Desktop\AdwCleaner[S0]_fuer_Forum.txt
2014-07-11 08:38 - 2014-07-11 08:38 - 00001108 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-07-11 08:38 - 2014-07-11 08:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-07-11 08:38 - 2014-07-11 08:38 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-07-11 08:38 - 2012-06-13 00:37 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-07-11 08:36 - 2014-07-11 08:33 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Gnuj\Desktop\mbam-setup-2.0.2.1012.exe
2014-07-11 01:37 - 2014-07-11 01:44 - 00003961 _____ () C:\Users\Gnuj\Desktop\AdwCleaner[S0].txt
2014-07-11 01:37 - 2014-07-10 18:41 - 00000000 ____D () C:\AdwCleaner
2014-07-10 18:36 - 2014-07-10 18:35 - 01348263 _____ () C:\Users\Gnuj\Desktop\adwcleaner_3.215.exe
2014-07-10 18:21 - 2014-07-10 18:21 - 00012578 _____ () C:\Users\Gnuj\Desktop\Addition_fuer_Forum.7z
2014-07-10 17:31 - 2014-07-10 17:05 - 00005628 _____ () C:\Users\Gnuj\Desktop\GMER_fuer_Forum.log
2014-07-10 17:04 - 2014-07-10 17:04 - 00005628 _____ () C:\Users\Gnuj\Desktop\GMER.log
2014-07-10 16:29 - 2014-07-10 16:29 - 00380416 _____ () C:\Users\Gnuj\Desktop\Gmer-19357.exe
2014-07-10 16:26 - 2014-07-10 15:56 - 00061934 _____ () C:\Users\Gnuj\Desktop\Addition_fuer_Forum.txt
2014-07-10 16:06 - 2014-07-10 15:55 - 00054600 _____ () C:\Users\Gnuj\Desktop\FRST_fuer_Forum.txt
2014-07-10 15:23 - 2014-07-10 15:22 - 00062025 _____ () C:\Users\Gnuj\Desktop\Addition.txt
2014-07-10 15:17 - 2006-02-03 20:55 - 00000000 ____D () C:\Programme_noch_pruefen
2014-07-10 12:51 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2014-07-10 10:37 - 2014-07-10 10:36 - 00001619 _____ () C:\DelFix.txt
2014-07-10 10:36 - 2013-11-14 02:38 - 00000000 ____D () C:\Windows\ERUNT
2014-07-10 10:22 - 2012-11-10 22:17 - 00000000 ____D () C:\Windows\erdnt
2014-07-10 09:22 - 2009-07-14 06:45 - 00559416 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-07-10 09:20 - 2014-05-07 01:16 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-07-10 09:20 - 2010-11-21 09:17 - 00000000 ____D () C:\Program Files\Windows Journal
2014-07-10 09:20 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2014-07-10 09:20 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\Dism
2014-07-10 01:33 - 2012-02-19 08:57 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-07-10 01:31 - 2013-08-14 08:38 - 00000000 ____D () C:\Windows\system32\MRT
2014-07-10 01:29 - 2012-01-02 16:39 - 96441528 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-07-09 10:17 - 2012-11-14 14:59 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-07-09 10:16 - 2013-11-24 19:57 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-07-09 10:16 - 2012-11-14 14:59 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-07-08 22:01 - 2012-01-10 22:41 - 00000000 _____ () C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2014-07-08 22:01 - 2012-01-03 23:00 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log
2014-07-08 13:34 - 2012-01-05 18:13 - 00000000 ___RD () C:\Test
2014-07-07 23:32 - 2012-01-23 19:44 - 00005823 _____ () C:\Users\Gnuj\AppData\Local\EmptySettings.xml
2014-07-02 20:33 - 2012-01-03 13:42 - 00000526 _____ () C:\Windows\ODBC.INI
2014-07-02 19:58 - 2012-01-03 13:21 - 00000021 _____ () C:\Windows\DvInesKurusOleServer003.INI
2014-07-01 15:27 - 2014-07-01 09:42 - 00001283 _____ () C:\Users\Gnuj\Desktop\Word Vetad funktionierend.lnk
2014-07-01 14:06 - 2014-07-01 13:56 - 00001283 _____ () C:\Users\Gnuj\Desktop\Word Makro funktionierend.lnk
2014-06-30 04:09 - 2014-07-09 10:03 - 00519168 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-06-30 04:04 - 2014-07-09 10:03 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-06-28 14:51 - 2012-03-08 09:51 - 00003210 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForPC01$
2014-06-28 14:51 - 2012-03-08 09:51 - 00000334 _____ () C:\Windows\Tasks\HPCeeScheduleForPC01$.job
2014-06-23 09:05 - 2012-09-02 08:19 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-06-23 01:11 - 2014-06-23 01:11 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-06-20 22:14 - 2014-07-09 10:15 - 00266424 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-06-20 21:39 - 2014-07-09 10:15 - 00240824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-06-20 01:21 - 2013-04-26 14:26 - 00004102 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-06-20 01:21 - 2013-04-26 14:26 - 00003850 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-06-19 03:39 - 2014-07-09 10:15 - 23464448 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-06-19 03:06 - 2014-07-09 10:15 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-06-19 03:06 - 2014-07-09 10:15 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-06-19 02:48 - 2014-07-09 10:15 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-06-19 02:42 - 2014-07-09 10:15 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-06-19 02:42 - 2014-07-09 10:15 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-06-19 02:41 - 2014-07-09 10:15 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-06-19 02:41 - 2014-07-09 10:15 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-06-19 02:32 - 2014-07-09 10:15 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-06-19 02:31 - 2014-07-09 10:15 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-06-19 02:26 - 2014-07-09 10:15 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-06-19 02:24 - 2014-07-09 10:15 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-06-19 02:24 - 2014-07-09 10:15 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-06-19 02:23 - 2014-07-09 10:15 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-06-19 02:16 - 2014-07-09 10:15 - 17276416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-06-19 02:14 - 2014-07-09 10:15 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-06-19 02:09 - 2014-07-09 10:15 - 00452608 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-06-19 01:59 - 2014-07-09 10:15 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-06-19 01:56 - 2014-07-09 10:15 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-06-19 01:53 - 2014-07-09 10:15 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-06-19 01:51 - 2014-07-09 10:15 - 05721088 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-06-19 01:50 - 2014-07-09 10:15 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-06-19 01:48 - 2014-07-09 10:15 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-06-19 01:39 - 2014-07-09 10:15 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-06-19 01:38 - 2014-07-09 10:15 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-06-19 01:37 - 2014-07-09 10:15 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-06-19 01:36 - 2014-07-09 10:15 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-06-19 01:35 - 2014-07-09 10:15 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-06-19 01:33 - 2014-07-09 10:15 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-06-19 01:32 - 2014-07-09 10:15 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-06-19 01:28 - 2014-07-09 10:15 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-06-19 01:28 - 2014-07-09 10:15 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-06-19 01:27 - 2014-07-09 10:15 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-06-19 01:27 - 2014-07-09 10:15 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-06-19 01:25 - 2014-07-09 10:15 - 00442368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-06-19 01:23 - 2014-07-09 10:15 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-06-19 01:22 - 2014-07-09 10:15 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-06-19 01:12 - 2014-07-09 10:15 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-06-19 01:06 - 2014-07-09 10:15 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-06-19 01:01 - 2014-07-09 10:15 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-06-19 00:59 - 2014-07-09 10:15 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-06-19 00:58 - 2014-07-09 10:15 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-06-19 00:58 - 2014-07-09 10:15 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-06-19 00:52 - 2014-07-09 10:15 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-06-19 00:51 - 2014-07-09 10:15 - 13527040 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-06-19 00:49 - 2014-07-09 10:15 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-06-19 00:46 - 2014-07-09 10:15 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-06-19 00:45 - 2014-07-09 10:15 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-06-19 00:35 - 2014-07-09 10:15 - 11742208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-06-19 00:34 - 2014-07-09 10:15 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-06-19 00:15 - 2014-07-09 10:15 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-06-19 00:13 - 2014-07-09 10:15 - 01791488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-06-19 00:09 - 2014-07-09 10:15 - 01139200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-06-19 00:07 - 2014-07-09 10:15 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-06-18 04:18 - 2014-07-09 10:02 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\osk.exe
2014-06-18 03:51 - 2014-07-09 10:02 - 00646144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\osk.exe
2014-06-18 03:10 - 2014-07-09 10:02 - 03157504 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-06-17 12:02 - 2012-01-03 13:06 - 00177208 _____ () C:\Users\Gnuj\AppData\Local\GDIPFONTCACHEV1.DAT
2014-06-17 07:38 - 2014-06-17 07:38 - 00002311 _____ () C:\Users\Public\Desktop\Efuah Steu  aufrufen.lnk
2014-06-17 07:38 - 2012-01-04 20:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Efuah

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-07-08 12:35

==================== End Of Log ============================
         
