Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung
Malwarebythe hat 3 verdächtige Elemente gefunden!Gmx-account ständig mit spam trotz Filter!

Malwarebythe hat 3 verdächtige Elemente gefunden!Gmx-account ständig mit spam trotz Filter!


Plagegeister aller Art und deren Bekämpfung: Malwarebythe hat 3 verdächtige Elemente gefunden!Gmx-account ständig mit spam trotz Filter!

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Seite 1 von 4 1 23 Letzte »
Alt 16.07.2014, 18:31   #1
solonia
 
Malwarebythe hat 3 verdächtige Elemente gefunden!Gmx-account ständig mit spam trotz Filter! - Standard

Malwarebythe hat 3 verdächtige Elemente gefunden!Gmx-account ständig mit spam trotz Filter!


Liebe Mitarbeiter des Trojanerboardes,

beim wöchentlichen Checkup meines PC mit Malwarebyte sind drei Elemente gefunden worden.

Habe alle in die Quarantäne geschoben und hier ist das Protokol davon:

Code:
ATTFilter
 Malwarebytes Anti-Malware 
www.malwarebytes.org

Suchlauf Datum: 16.07.2014
Suchlauf-Zeit: 18:33:23
Logdatei: Found 1672014 malwarebyte.txt
Administrator: Ja

Version: 2.00.2.1012
Malware Datenbank: v2014.07.16.05
Rootkit Datenbank: v2014.07.14.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Self-protection: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: smenz

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 333709
Verstrichene Zeit: 14 Min, 57 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Aktiviert
Heuristics: Aktiviert
PUP: Warnen
PUM: Aktiviert

Prozesse: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registrierungsschlüssel: 3
PUP.Optional.Outbrowse, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{6D4506CE-F855-4657-AA38-DB6B1F733982}, , [7301b0ef186377bf4a74c6ca659ded13], 
PUP.Optional.Outbrowse, HKLM\SOFTWARE\CLASSES\TYPELIB\{03771AEF-400D-4A13-B712-25878EC4A3F5}, , [7301b0ef186377bf4a74c6ca659ded13], 
PUP.Optional.Outbrowse, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{03771AEF-400D-4A13-B712-25878EC4A3F5}, , [7301b0ef186377bf4a74c6ca659ded13], 

Registrierungswerte: 0
(No malicious items detected)

Registrierungsdaten: 0
(No malicious items detected)

Ordner: 0
(No malicious items detected)

Dateien: 0
(No malicious items detected)

Physische Sektoren: 0
Ist etwas davon gefährlich? Wie soll ich mich verhalten?

2. Seit ein paar Wochen erhalte ich von meinen GMX Postfach welches ich mit Windows Live Mail abrufen lasse, habe nur dort einen kostenlosen account, spam eingeschaltet, immer wieder Mails mit gleichem Text, aber verschiedenen Absender. Ich ordne die immer sofort als Junkmail ein. Klicke auf die Mail mit der rechten Maustaste und klicke auf Junkmail, wo es dann in den Junkmailordner geschoben wird. Geöffnet habe ich es noch nie.

Jetzt kommen fast täglich welche. Habe manches schon in die Blacklist eingetragen. Ohne Erfolg. Im Moment habe ich das automatische Abrufen des Gmx-Postfaches via Live Mail unterbunden und gehe jetzt nur noch - seit eben - direkt in das Postfach. Ich habe noch eine andere Emailadresse. Soll ich den Gmx-Account löschen? Gmx ist dafür irgendwie auch nicht erreichbar. Der eingerichtete Spamfilter fängt das nicht ab!

3) Fast vergessen: Emsisoft hatte auch etwas gefunden! Habe das ganz vergessen. Am 10.7.2014. Ein Textdatei ist irgendwie nicht herstellbar, deshalb tippe ich die Funde hier ab:


c:/program files (x86)/ Dell DataSafe Local Backup/SetMUILanguage.exe
c:/program files (x86)/Dell DataSafe Local Backup/Toaster.exe
c:/program files/MyDell/pcdrsysinfonal.p5x

alles in die Quarantäne geschoben. Echte Bedrohung?


Ich freue mich über Eure Hilfe. Bin ein bisschen verwundert, dass Malwarebyte was gefunden hat, trotz Sandboxie, Emsisoft und all das Halten an Eure mit vermittelten Regeln!

Bin ein wenig frustriert!

Freue mich, von Euch zu lesen. DANKE!

Gruß,

solonia
Geändert von solonia (16.07.2014 um 18:41 Uhr)

Alt 16.07.2014, 18:47   #2
schrauber
/// the machine
/// TB-Ausbilder
 
Malwarebythe hat 3 verdächtige Elemente gefunden!Gmx-account ständig mit spam trotz Filter! - Standard

Malwarebythe hat 3 verdächtige Elemente gefunden!Gmx-account ständig mit spam trotz Filter!


hi,

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
  • Starte jetzt FRST.
  • Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
  • Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
  • Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)

__________________

__________________
Alt 16.07.2014, 19:04   #3
solonia
 
Malwarebythe hat 3 verdächtige Elemente gefunden!Gmx-account ständig mit spam trotz Filter! - Standard

Malwarebythe hat 3 verdächtige Elemente gefunden!Gmx-account ständig mit spam trotz Filter!


Lieber Schrauber,

danke für diese schnelle Antwort:

Hier die Logs von FRST:

1: Editor Txt:


FRST Logfile:

FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 15-07-2014 01
Ran by smenz (administrator) on NOTEBOOK-N5050 on 16-07-2014 19:56:17
Running from C:\Users\smenz\Desktop\Downloads
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(SurfRight B.V.) C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieSvc.exe
(Emsisoft GmbH) C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe
(Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AESTSr64.exe
(Atheros) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\Ath_CoexAgent.exe
(Atheros Commnucations) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AdminService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\psia.exe
(SoftThinks SAS) C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler.exe
() C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler64.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
(Panda Security) C:\Program Files (x86)\Panda USB Vaccine\USBVaccine.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(FileHippo.com) C:\Program Files (x86)\FileHippo.com\UpdateChecker.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\hidfind.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieCtrl.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApntEx.exe
(BillP Studios) C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\onenotem.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Emsisoft GmbH) C:\Program Files (x86)\Emsisoft Anti-Malware\a2guard.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieSvc.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\32\SbieSvc.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SandboxieRpcSs.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SandboxieCrypto.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [608112 2011-03-29] (Alps Electric Co., Ltd.)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1128448 2011-05-27] (IDT, Inc.)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [283160 2011-01-13] (Intel Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [emsisoft anti-malware] => c:\program files (x86)\emsisoft anti-malware\a2guard.exe [4841824 2014-07-09] (Emsisoft GmbH)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2732600908-1742709287-786376233-1000\...\Run: [FileHippo.com] => C:\Program Files (x86)\FileHippo.com\UpdateChecker.exe [307712 2012-11-23] (FileHippo.com)
HKU\S-1-5-21-2732600908-1742709287-786376233-1000\...\Run: [SandboxieControl] => C:\Program Files\Sandboxie\SbieCtrl.exe [784392 2014-05-29] (Sandboxie Holdings, LLC)
HKU\S-1-5-21-2732600908-1742709287-786376233-1000\...\Run: [] => [X]
HKU\S-1-5-21-2732600908-1742709287-786376233-1000\...\Run: [WinPatrol] => C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe [1128000 2014-06-03] (BillP Studios)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
ShortcutTarget: Secunia PSI Tray.lnk -> C:\Program Files (x86)\Secunia\PSI\psi_tray.exe (Secunia)
Startup: C:\Users\smenz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\An OneNote senden.lnk
ShortcutTarget: An OneNote senden.lnk -> C:\Program Files\Microsoft Office 15\root\office15\onenotem.exe (Microsoft Corporation)
Startup: C:\Users\smenz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk
ShortcutTarget: OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
ShellIconOverlayIdentifiers:  SkyDrive1 -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers:  SkyDrive2 -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers:  SkyDrive3 -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
ShellIconOverlayIdentifiers:  SkyDrivePro1 (ErrorConflict) -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers:  SkyDrivePro2 (SyncInProgress) -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers:  SkyDrivePro3 (InSync) -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32:  SkyDrive1 -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers-x32:  SkyDrive2 -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers-x32:  SkyDrive3 -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://dell.de.msn.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKLM-x32 - DefaultScope value is missing.
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre8\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre8\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation)
DPF: HKLM-x32 {6C269571-C6D7-4818-BCA4-32A035E8C884} hxxp://ccfiles.creative.com/Web/softwareupdate/su/ocx/15102/CTSUEng.cab
DPF: HKLM-x32 {D4B68B83-8710-488B-A692-D74B50BA558E} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
DPF: HKLM-x32 {F6ACF75C-C32C-447B-9BEF-46B766368D29} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/121022/CTPID.cab
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll No File
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll No File
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer - C:\windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()
FF Plugin: @java.com/DTPlugin,version=11.11.2 - C:\Program Files\Java\jre8\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.11.2 - C:\Program Files\Java\jre8\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nokia.com/EnablerPlugin - C:\Program Files (x86)\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll ( )
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: amazon.com/AmazonMP3DownloaderPlugin - C:\Users\smenz\npAmazonMP3DownloaderPlugin101753.dll (Amazon.com, Inc.)

Chrome: 
=======
CHR HomePage: 
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll No File
CHR Plugin: (Windows Live™ Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (AmazonMP3DownloaderPlugin) - C:\Users\smenz\npAmazonMP3DownloaderPlugin101753.dll (Amazon.com, Inc.)
CHR Plugin: (McAfee SecurityCenter) - c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll No File
CHR Extension: (HTTPS Everywhere) - C:\Users\smenz\AppData\Local\Google\Chrome\User Data\Default\Extensions\gcbommkclmclpchllfjekcdonpmejbdp [2013-06-12]
CHR Extension: (AdBlock) - C:\Users\smenz\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2013-06-12]
CHR Extension: (No Name) - C:\Users\smenz\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkjoindjjcmbdpbfppabdgflnkgbbcli [2013-06-11]
CHR Extension: (Ghostery) - C:\Users\smenz\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij [2013-06-12]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Services (Whitelisted) =================

R2 a2AntiMalware; C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe [4741384 2014-07-09] (Emsisoft GmbH)
R2 Atheros Bt&Wlan Coex Agent; C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\Ath_CoexAgent.exe [146592 2011-05-20] (Atheros) [File not signed]
R2 AtherosSvc; C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe [80032 2011-05-20] (Atheros Commnucations) [File not signed]
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2356408 2014-06-19] (Microsoft Corporation)
R2 hmpalertsvc; C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe [1889616 2014-07-03] (SurfRight B.V.)
R2 SbieSvc; C:\Program Files\Sandboxie\SbieSvc.exe [174088 2014-05-29] (Sandboxie Holdings, LLC)
R2 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1229528 2013-12-06] (Secunia)
S2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [662232 2013-12-06] (Secunia)
S4 McMPFSvc; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [X]

==================== Drivers (Whitelisted) ====================

R3 a2acc; C:\PROGRAM FILES (X86)\EMSISOFT ANTI-MALWARE\a2accx64.sys [71472 2014-05-12] (Emsisoft GmbH)
R1 A2DDA; C:\Program Files (x86)\Emsisoft Anti-Malware\a2ddax64.sys [26176 2013-03-28] (Emsisoft GmbH)
R1 a2injectiondriver; C:\Program Files (x86)\Emsisoft Anti-Malware\a2dix64.sys [45208 2013-09-30] (Emsisoft GmbH)
R1 a2util; C:\Program Files (x86)\Emsisoft Anti-Malware\a2util64.sys [23088 2014-05-12] (Emsisoft GmbH)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R3 cleanhlp; C:\Program Files (x86)\Emsisoft Anti-Malware\cleanhlp64.sys [57024 2013-12-04] (Emsisoft GmbH)
R2 hmpalert; C:\Windows\System32\drivers\hmpalert.sys [93144 2014-07-03] ()
R3 PSI; C:\Windows\System32\DRIVERS\psi_mf_amd64.sys [18456 2013-12-06] (Secunia)
R3 SbieDrv; C:\Program Files\Sandboxie\SbieDrv.sys [185352 2014-05-29] (Sandboxie Holdings, LLC)
S3 Serial; C:\Windows\system32\drivers\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)
S1 UimBus; C:\Windows\System32\DRIVERS\uimx64.sys [90960 2013-03-15] (Windows (R) 2000 DDK provider)
S1 Uim_IM; C:\Windows\System32\Drivers\Uim_IMx64.sys [633680 2013-03-15] (Paragon)
S1 Uim_VIM; C:\Windows\System32\Drivers\uim_vimx64.sys [390352 2013-03-15] (Paragon)
S3 PCDSRVC{D3412D80-CF3B4A27-06020200}_0; \??\c:\program files\my dell\pcdsrvc_x64.pkms [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-07-16 19:56 - 2014-07-16 19:56 - 00000000 ____D () C:\FRST
2014-07-16 18:32 - 2014-07-16 18:31 - 00321448 _____ (Oracle Corporation) C:\windows\system32\javaws.exe
2014-07-15 09:09 - 2014-07-16 18:51 - 00000280 _____ () C:\windows\setupact.log
2014-07-15 09:09 - 2014-07-15 09:09 - 00000000 _____ () C:\windows\setuperr.log
2014-07-09 11:14 - 2014-06-30 04:09 - 00519168 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll
2014-07-09 11:14 - 2014-06-30 04:04 - 00424448 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2014-07-09 11:14 - 2014-06-18 04:18 - 00692736 _____ (Microsoft Corporation) C:\windows\system32\osk.exe
2014-07-09 11:14 - 2014-06-18 03:51 - 00646144 _____ (Microsoft Corporation) C:\windows\SysWOW64\osk.exe
2014-07-09 11:14 - 2014-06-18 03:10 - 03157504 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2014-07-09 11:14 - 2014-06-06 12:10 - 00624128 _____ (Microsoft Corporation) C:\windows\system32\qedit.dll
2014-07-09 11:14 - 2014-06-06 11:44 - 00509440 _____ (Microsoft Corporation) C:\windows\SysWOW64\qedit.dll
2014-07-09 11:14 - 2014-05-30 08:45 - 00497152 _____ (Microsoft Corporation) C:\windows\system32\Drivers\afd.sys
2014-07-09 11:13 - 2014-06-20 22:14 - 00266424 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2014-07-09 11:13 - 2014-06-20 21:39 - 00240824 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2014-07-09 11:13 - 2014-06-19 03:39 - 23464448 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-07-09 11:13 - 2014-06-19 03:06 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-07-09 11:13 - 2014-06-19 03:06 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2014-07-09 11:13 - 2014-06-19 02:48 - 02768384 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-07-09 11:13 - 2014-06-19 02:42 - 00548352 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2014-07-09 11:13 - 2014-06-19 02:42 - 00066048 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2014-07-09 11:13 - 2014-06-19 02:41 - 00083968 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2014-07-09 11:13 - 2014-06-19 02:41 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2014-07-09 11:13 - 2014-06-19 02:32 - 00051200 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2014-07-09 11:13 - 2014-06-19 02:31 - 00033792 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2014-07-09 11:13 - 2014-06-19 02:26 - 00598016 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2014-07-09 11:13 - 2014-06-19 02:24 - 00139264 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2014-07-09 11:13 - 2014-06-19 02:24 - 00111616 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2014-07-09 11:13 - 2014-06-19 02:23 - 00752640 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2014-07-09 11:13 - 2014-06-19 02:16 - 17276416 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2014-07-09 11:13 - 2014-06-19 02:14 - 00940032 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2014-07-09 11:13 - 2014-06-19 02:09 - 00452608 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2014-07-09 11:13 - 2014-06-19 01:59 - 00038400 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2014-07-09 11:13 - 2014-06-19 01:56 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2014-07-09 11:13 - 2014-06-19 01:53 - 00195584 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2014-07-09 11:13 - 2014-06-19 01:51 - 05721088 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2014-07-09 11:13 - 2014-06-19 01:50 - 00085504 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2014-07-09 11:13 - 2014-06-19 01:48 - 00292864 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2014-07-09 11:13 - 2014-06-19 01:39 - 00608768 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2014-07-09 11:13 - 2014-06-19 01:38 - 00455168 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2014-07-09 11:13 - 2014-06-19 01:37 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2014-07-09 11:13 - 2014-06-19 01:36 - 00051200 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2014-07-09 11:13 - 2014-06-19 01:35 - 00062464 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll
2014-07-09 11:13 - 2014-06-19 01:33 - 00631808 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-07-09 11:13 - 2014-06-19 01:32 - 02179072 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2014-07-09 11:13 - 2014-06-19 01:28 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2014-07-09 11:13 - 2014-06-19 01:28 - 00032768 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2014-07-09 11:13 - 2014-06-19 01:27 - 02040832 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2014-07-09 11:13 - 2014-06-19 01:27 - 01249280 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2014-07-09 11:13 - 2014-06-19 01:25 - 00442368 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2014-07-09 11:13 - 2014-06-19 01:23 - 00112128 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2014-07-09 11:13 - 2014-06-19 01:22 - 00592896 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2014-07-09 11:13 - 2014-06-19 01:12 - 00367616 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2014-07-09 11:13 - 2014-06-19 01:06 - 00032256 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-07-09 11:13 - 2014-06-19 01:01 - 00164864 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2014-07-09 11:13 - 2014-06-19 00:59 - 00069632 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2014-07-09 11:13 - 2014-06-19 00:58 - 02266112 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-07-09 11:13 - 2014-06-19 00:58 - 00239616 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2014-07-09 11:13 - 2014-06-19 00:52 - 04254720 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2014-07-09 11:13 - 2014-06-19 00:51 - 13527040 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-07-09 11:13 - 2014-06-19 00:49 - 00526336 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2014-07-09 11:13 - 2014-06-19 00:46 - 01068032 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll
2014-07-09 11:13 - 2014-06-19 00:45 - 01964544 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2014-07-09 11:13 - 2014-06-19 00:35 - 11742208 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2014-07-09 11:13 - 2014-06-19 00:34 - 01393664 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2014-07-09 11:13 - 2014-06-19 00:15 - 00846336 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2014-07-09 11:13 - 2014-06-19 00:13 - 01791488 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2014-07-09 11:13 - 2014-06-19 00:09 - 01139200 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2014-07-09 11:13 - 2014-06-19 00:07 - 00704512 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2014-07-09 11:13 - 2014-05-30 10:08 - 00728064 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll
2014-07-09 11:13 - 2014-05-30 10:08 - 00340992 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll
2014-07-09 11:13 - 2014-05-30 10:08 - 00314880 _____ (Microsoft Corporation) C:\windows\system32\msv1_0.dll
2014-07-09 11:13 - 2014-05-30 10:08 - 00307200 _____ (Microsoft Corporation) C:\windows\system32\ncrypt.dll
2014-07-09 11:13 - 2014-05-30 10:08 - 00210944 _____ (Microsoft Corporation) C:\windows\system32\wdigest.dll
2014-07-09 11:13 - 2014-05-30 10:08 - 00086528 _____ (Microsoft Corporation) C:\windows\system32\TSpkg.dll
2014-07-09 11:13 - 2014-05-30 10:08 - 00022016 _____ (Microsoft Corporation) C:\windows\system32\credssp.dll
2014-07-09 11:13 - 2014-05-30 09:52 - 00550912 _____ (Microsoft Corporation) C:\windows\SysWOW64\kerberos.dll
2014-07-09 11:13 - 2014-05-30 09:52 - 00259584 _____ (Microsoft Corporation) C:\windows\SysWOW64\msv1_0.dll
2014-07-09 11:13 - 2014-05-30 09:52 - 00247808 _____ (Microsoft Corporation) C:\windows\SysWOW64\schannel.dll
2014-07-09 11:13 - 2014-05-30 09:52 - 00220160 _____ (Microsoft Corporation) C:\windows\SysWOW64\ncrypt.dll
2014-07-09 11:13 - 2014-05-30 09:52 - 00172032 _____ (Microsoft Corporation) C:\windows\SysWOW64\wdigest.dll
2014-07-09 11:13 - 2014-05-30 09:52 - 00065536 _____ (Microsoft Corporation) C:\windows\SysWOW64\TSpkg.dll
2014-07-09 11:13 - 2014-05-30 09:52 - 00017408 _____ (Microsoft Corporation) C:\windows\SysWOW64\credssp.dll
2014-07-09 11:12 - 2014-06-05 16:45 - 01460736 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
2014-07-09 11:12 - 2014-06-05 16:26 - 00022016 _____ (Microsoft Corporation) C:\windows\SysWOW64\secur32.dll
2014-07-09 11:12 - 2014-06-05 16:25 - 00096768 _____ (Microsoft Corporation) C:\windows\SysWOW64\sspicli.dll
2014-07-03 15:37 - 2014-07-16 18:53 - 00000000 ____D () C:\windows\CryptoGuard
2014-07-03 15:37 - 2014-07-03 15:37 - 00548424 _____ (SurfRight) C:\windows\system32\hmpalert.dll
2014-07-03 15:37 - 2014-07-03 15:37 - 00477008 _____ (SurfRight) C:\windows\SysWOW64\hmpalert.dll
2014-07-03 15:37 - 2014-07-03 15:37 - 00093144 _____ () C:\windows\system32\Drivers\hmpalert.sys
2014-07-03 15:37 - 2014-07-03 15:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro.Alert
2014-07-03 15:37 - 2014-07-03 15:37 - 00000000 ____D () C:\ProgramData\HitmanPro.Alert
2014-07-03 15:37 - 2014-07-03 15:37 - 00000000 ____D () C:\Program Files (x86)\HitmanPro.Alert
2014-06-21 21:16 - 2014-07-14 12:33 - 00000000 ____D () C:\Program Files (x86)\SpywareBlaster
2014-06-21 21:16 - 2014-06-21 21:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpywareBlaster
2014-06-21 21:16 - 2014-06-21 21:16 - 00000000 ____D () C:\ProgramData\Licenses
2014-06-21 21:16 - 2009-03-24 12:52 - 00129872 _____ (Microsoft Corporation) C:\windows\SysWOW64\MSSTDFMT.DLL
2014-06-21 16:49 - 2014-06-21 16:50 - 00001691 _____ () C:\DelFix.txt
2014-06-20 16:03 - 2014-06-20 16:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPatrol
2014-06-20 16:03 - 2014-06-20 16:03 - 00000000 ____D () C:\ProgramData\InstallMate
2014-06-20 16:03 - 2014-06-20 16:03 - 00000000 ____D () C:\Program Files (x86)\BillP Studios
2014-06-20 15:56 - 2014-06-20 15:56 - 00000000 ____D () C:\Users\smenz\AppData\Roaming\WinPatrol
2014-06-20 15:14 - 2014-01-09 04:22 - 05694464 _____ (Microsoft Corporation) C:\windows\SysWOW64\mstscax.dll
2014-06-20 15:14 - 2014-01-04 00:44 - 06574592 _____ (Microsoft Corporation) C:\windows\system32\mstscax.dll
2014-06-20 15:03 - 2013-10-02 04:22 - 00056832 _____ (Microsoft Corporation) C:\windows\system32\Drivers\TsUsbFlt.sys
2014-06-20 15:03 - 2013-10-02 04:11 - 00013824 _____ (Microsoft Corporation) C:\windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2014-06-20 15:03 - 2013-10-02 04:08 - 00012800 _____ (Microsoft Corporation) C:\windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2014-06-20 15:03 - 2013-10-02 03:48 - 00056832 _____ (Microsoft Corporation) C:\windows\system32\MsRdpWebAccess.dll
2014-06-20 15:03 - 2013-10-02 03:48 - 00018944 _____ (Microsoft Corporation) C:\windows\system32\wksprtPS.dll
2014-06-20 15:03 - 2013-10-02 03:29 - 00062976 _____ (Microsoft Corporation) C:\windows\system32\tsgqec.dll
2014-06-20 15:03 - 2013-10-02 03:10 - 00044544 _____ (Microsoft Corporation) C:\windows\system32\TsUsbGDCoInstaller.dll
2014-06-20 15:03 - 2013-10-02 02:15 - 01057280 _____ (Microsoft Corporation) C:\windows\system32\rdvidcrl.dll
2014-06-20 15:03 - 2013-10-02 02:14 - 00050176 _____ (Microsoft Corporation) C:\windows\SysWOW64\MsRdpWebAccess.dll
2014-06-20 15:03 - 2013-10-02 02:14 - 00017920 _____ (Microsoft Corporation) C:\windows\SysWOW64\wksprtPS.dll
2014-06-20 15:03 - 2013-10-02 02:08 - 00083968 _____ (Microsoft Corporation) C:\windows\system32\TSWbPrxy.exe
2014-06-20 15:03 - 2013-10-02 02:01 - 00420864 _____ (Microsoft Corporation) C:\windows\system32\wksprt.exe
2014-06-20 15:03 - 2013-10-02 01:58 - 00053248 _____ (Microsoft Corporation) C:\windows\SysWOW64\tsgqec.dll
2014-06-20 15:03 - 2013-10-02 01:31 - 01147392 _____ (Microsoft Corporation) C:\windows\system32\mstsc.exe
2014-06-20 15:03 - 2013-10-02 01:08 - 00855552 _____ (Microsoft Corporation) C:\windows\SysWOW64\rdvidcrl.dll
2014-06-20 15:03 - 2013-10-02 00:34 - 01068544 _____ (Microsoft Corporation) C:\windows\SysWOW64\mstsc.exe
2014-06-20 15:01 - 2013-09-25 04:23 - 01030144 _____ (Microsoft Corporation) C:\windows\system32\TSWorkspace.dll
2014-06-20 15:01 - 2013-09-25 03:57 - 00792576 _____ (Microsoft Corporation) C:\windows\SysWOW64\TSWorkspace.dll
2014-06-20 14:55 - 2014-07-16 18:31 - 00191400 _____ (Oracle Corporation) C:\windows\system32\javaw.exe
2014-06-20 14:55 - 2014-07-16 18:31 - 00190888 _____ (Oracle Corporation) C:\windows\system32\java.exe
2014-06-20 14:55 - 2014-07-16 18:31 - 00111016 _____ (Oracle Corporation) C:\windows\system32\WindowsAccessBridge-64.dll
2014-06-20 14:48 - 2014-06-20 14:48 - 00001071 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Secunia PSI.lnk
2014-06-19 11:53 - 2014-06-19 11:53 - 00000000 ____D () C:\ProgramData\Emsisoft
2014-06-17 15:16 - 2014-06-21 16:49 - 00000000 ____D () C:\windows\ERUNT
2014-06-17 15:04 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\windows\SysWOW64\sqlite3.dll

==================== One Month Modified Files and Folders =======

2014-07-16 19:56 - 2014-07-16 19:56 - 00000000 ____D () C:\FRST
2014-07-16 19:54 - 2013-06-12 23:38 - 00000000 ____D () C:\Program Files (x86)\Emsisoft Anti-Malware
2014-07-16 19:53 - 2012-07-04 16:43 - 01230695 _____ () C:\windows\WindowsUpdate.log
2014-07-16 19:48 - 2012-10-19 15:42 - 00001108 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-07-16 19:19 - 2014-02-21 20:01 - 00000884 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2014-07-16 18:59 - 2009-07-14 06:45 - 00020720 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-07-16 18:59 - 2009-07-14 06:45 - 00020720 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-07-16 18:53 - 2014-07-03 15:37 - 00000000 ____D () C:\windows\CryptoGuard
2014-07-16 18:52 - 2012-10-19 15:42 - 00001104 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-07-16 18:52 - 2012-07-04 17:32 - 00000000 ____D () C:\Users\Default\AppData\Local\SoftThinks
2014-07-16 18:52 - 2012-07-04 17:32 - 00000000 ____D () C:\Users\Default User\AppData\Local\SoftThinks
2014-07-16 18:51 - 2014-07-15 09:09 - 00000280 _____ () C:\windows\setupact.log
2014-07-16 18:51 - 2012-07-04 17:21 - 00000000 ____D () C:\Program Files (x86)\Dell DataSafe Local Backup
2014-07-16 18:51 - 2009-07-14 07:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-07-16 18:51 - 2009-07-14 05:20 - 00000000 ____D () C:\windows\Speech
2014-07-16 18:33 - 2014-06-11 15:29 - 00122584 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2014-07-16 18:31 - 2014-07-16 18:32 - 00321448 _____ (Oracle Corporation) C:\windows\system32\javaws.exe
2014-07-16 18:31 - 2014-06-20 14:55 - 00191400 _____ (Oracle Corporation) C:\windows\system32\javaw.exe
2014-07-16 18:31 - 2014-06-20 14:55 - 00190888 _____ (Oracle Corporation) C:\windows\system32\java.exe
2014-07-16 18:31 - 2014-06-20 14:55 - 00111016 _____ (Oracle Corporation) C:\windows\system32\WindowsAccessBridge-64.dll
2014-07-16 18:31 - 2014-01-24 11:42 - 00000000 ____D () C:\Program Files\Java
2014-07-15 20:41 - 2012-10-20 20:53 - 00000000 ____D () C:\Users\smenz\Documents\My Kindle Content
2014-07-15 14:45 - 2013-06-13 16:03 - 00000000 ____D () C:\Users\smenz\AppData\Roaming\Skype
2014-07-15 09:09 - 2014-07-15 09:09 - 00000000 _____ () C:\windows\setuperr.log
2014-07-14 12:33 - 2014-06-21 21:16 - 00000000 ____D () C:\Program Files (x86)\SpywareBlaster
2014-07-14 12:33 - 2012-07-04 16:56 - 00000000 ____D () C:\ProgramData\Temp
2014-07-14 11:06 - 2012-07-04 19:31 - 00699666 _____ () C:\windows\system32\perfh007.dat
2014-07-14 11:06 - 2012-07-04 19:31 - 00149774 _____ () C:\windows\system32\perfc007.dat
2014-07-14 11:06 - 2009-07-14 07:13 - 01620612 _____ () C:\windows\system32\PerfStringBackup.INI
2014-07-14 09:50 - 2013-06-13 17:13 - 00004588 _____ () C:\windows\Sandboxie.ini
2014-07-13 17:07 - 2014-04-06 19:24 - 00077414 _____ () C:\Users\smenz\Desktop\Übersicht Prozessarbeit 2.xlsx
2014-07-12 18:50 - 2012-12-06 20:05 - 00000000 ____D () C:\Users\smenz\Documents\Booksmarks
2014-07-12 18:40 - 2012-11-29 22:16 - 00000000 ____D () C:\Users\smenz\Documents\ELLA
2014-07-12 18:25 - 2012-10-19 17:43 - 00000000 ____D () C:\Users\smenz\Documents\OneNote-Notizbücher
2014-07-12 12:45 - 2013-05-23 14:08 - 00000000 ____D () C:\Program Files\My Dell
2014-07-12 10:05 - 2013-05-23 14:09 - 00003440 _____ () C:\windows\System32\Tasks\PCDEventLauncherTask
2014-07-10 16:20 - 2012-10-19 18:36 - 00000000 ____D () C:\Users\smenz\AppData\Local\Microsoft Games
2014-07-10 13:32 - 2012-07-04 17:15 - 00000000 ____D () C:\ProgramData\Skype
2014-07-10 13:08 - 2014-05-19 00:35 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2014-07-09 17:00 - 2009-07-14 05:20 - 00000000 ____D () C:\windows\rescache
2014-07-09 15:25 - 2009-07-14 06:45 - 00492792 _____ () C:\windows\system32\FNTCACHE.DAT
2014-07-09 15:23 - 2014-05-07 02:27 - 00000000 ___SD () C:\windows\system32\CompatTel
2014-07-09 15:23 - 2012-07-04 19:34 - 00000000 ____D () C:\Program Files\Windows Journal
2014-07-09 15:23 - 2009-07-14 05:20 - 00000000 ____D () C:\windows\SysWOW64\Dism
2014-07-09 15:23 - 2009-07-14 05:20 - 00000000 ____D () C:\windows\system32\Dism
2014-07-09 15:12 - 2012-10-19 17:33 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-07-09 15:10 - 2013-08-15 21:53 - 00000000 ____D () C:\windows\system32\MRT
2014-07-09 15:04 - 2012-10-24 13:56 - 96441528 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2014-07-08 21:19 - 2014-02-21 20:01 - 00003822 _____ () C:\windows\System32\Tasks\Adobe Flash Player Updater
2014-07-08 21:19 - 2013-06-11 14:08 - 00699056 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2014-07-08 21:19 - 2013-06-11 14:08 - 00071344 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-07-05 00:10 - 2012-10-19 17:47 - 00000000 ____D () C:\Users\smenz\AppData\Local\CrashDumps
2014-07-04 09:42 - 2013-12-28 21:30 - 00469383 _____ () C:\Users\smenz\Desktop\Budget 2014.xlsx
2014-07-03 15:37 - 2014-07-03 15:37 - 00548424 _____ (SurfRight) C:\windows\system32\hmpalert.dll
2014-07-03 15:37 - 2014-07-03 15:37 - 00477008 _____ (SurfRight) C:\windows\SysWOW64\hmpalert.dll
2014-07-03 15:37 - 2014-07-03 15:37 - 00093144 _____ () C:\windows\system32\Drivers\hmpalert.sys
2014-07-03 15:37 - 2014-07-03 15:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro.Alert
2014-07-03 15:37 - 2014-07-03 15:37 - 00000000 ____D () C:\ProgramData\HitmanPro.Alert
2014-07-03 15:37 - 2014-07-03 15:37 - 00000000 ____D () C:\Program Files (x86)\HitmanPro.Alert
2014-07-03 00:08 - 2014-05-31 19:53 - 00001104 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 9.lnk
2014-07-01 18:58 - 2012-10-19 13:19 - 00000000 ___RD () C:\Users\smenz\Eigene Bilder
2014-06-30 04:09 - 2014-07-09 11:14 - 00519168 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll
2014-06-30 04:04 - 2014-07-09 11:14 - 00424448 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2014-06-29 13:04 - 2013-07-02 18:12 - 00023731 _____ () C:\Users\smenz\Desktop\Books Releases.xlsx
2014-06-26 14:51 - 2013-06-17 16:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-06-26 14:51 - 2013-06-17 16:48 - 00000000 ____D () C:\Program Files\CCleaner
2014-06-25 18:43 - 2012-10-19 15:42 - 00004104 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-06-25 18:43 - 2012-10-19 15:42 - 00003852 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-06-24 11:24 - 2012-07-04 19:34 - 00000000 ___RD () C:\Users\Public\Recorded TV
2014-06-22 20:06 - 2013-05-08 13:43 - 00000000 ____D () C:\Users\smenz\AppData\Local\Windows Live
2014-06-21 21:16 - 2014-06-21 21:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpywareBlaster
2014-06-21 21:16 - 2014-06-21 21:16 - 00000000 ____D () C:\ProgramData\Licenses
2014-06-21 16:50 - 2014-06-21 16:49 - 00001691 _____ () C:\DelFix.txt
2014-06-21 16:49 - 2014-06-17 15:16 - 00000000 ____D () C:\windows\ERUNT
2014-06-21 15:28 - 2012-07-04 16:57 - 00000000 ____D () C:\Program Files (x86)\Dell
2014-06-21 15:28 - 2012-07-04 16:52 - 00000000 ____D () C:\ProgramData\Dell
2014-06-21 15:19 - 2012-07-04 17:16 - 00000000 ____D () C:\ProgramData\WildTangent
2014-06-21 15:19 - 2009-07-14 07:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-06-20 22:14 - 2014-07-09 11:13 - 00266424 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2014-06-20 21:39 - 2014-07-09 11:13 - 00240824 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2014-06-20 16:03 - 2014-06-20 16:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPatrol
2014-06-20 16:03 - 2014-06-20 16:03 - 00000000 ____D () C:\ProgramData\InstallMate
2014-06-20 16:03 - 2014-06-20 16:03 - 00000000 ____D () C:\Program Files (x86)\BillP Studios
2014-06-20 15:56 - 2014-06-20 15:56 - 00000000 ____D () C:\Users\smenz\AppData\Roaming\WinPatrol
2014-06-20 15:03 - 2012-06-08 10:48 - 01594892 _____ () C:\windows\SysWOW64\PerfStringBackup.INI
2014-06-20 14:53 - 2012-10-21 22:51 - 00000000 ____D () C:\Program Files (x86)\MSXML 4.0
2014-06-20 14:48 - 2014-06-20 14:48 - 00001071 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Secunia PSI.lnk
2014-06-19 11:53 - 2014-06-19 11:53 - 00000000 ____D () C:\ProgramData\Emsisoft
2014-06-19 03:39 - 2014-07-09 11:13 - 23464448 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-06-19 03:06 - 2014-07-09 11:13 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-06-19 03:06 - 2014-07-09 11:13 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2014-06-19 02:48 - 2014-07-09 11:13 - 02768384 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-06-19 02:42 - 2014-07-09 11:13 - 00548352 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2014-06-19 02:42 - 2014-07-09 11:13 - 00066048 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2014-06-19 02:41 - 2014-07-09 11:13 - 00083968 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2014-06-19 02:41 - 2014-07-09 11:13 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2014-06-19 02:32 - 2014-07-09 11:13 - 00051200 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2014-06-19 02:31 - 2014-07-09 11:13 - 00033792 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2014-06-19 02:26 - 2014-07-09 11:13 - 00598016 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2014-06-19 02:24 - 2014-07-09 11:13 - 00139264 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2014-06-19 02:24 - 2014-07-09 11:13 - 00111616 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2014-06-19 02:23 - 2014-07-09 11:13 - 00752640 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2014-06-19 02:16 - 2014-07-09 11:13 - 17276416 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2014-06-19 02:14 - 2014-07-09 11:13 - 00940032 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2014-06-19 02:09 - 2014-07-09 11:13 - 00452608 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2014-06-19 01:59 - 2014-07-09 11:13 - 00038400 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2014-06-19 01:56 - 2014-07-09 11:13 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2014-06-19 01:53 - 2014-07-09 11:13 - 00195584 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2014-06-19 01:51 - 2014-07-09 11:13 - 05721088 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2014-06-19 01:50 - 2014-07-09 11:13 - 00085504 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2014-06-19 01:48 - 2014-07-09 11:13 - 00292864 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2014-06-19 01:39 - 2014-07-09 11:13 - 00608768 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2014-06-19 01:38 - 2014-07-09 11:13 - 00455168 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2014-06-19 01:37 - 2014-07-09 11:13 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2014-06-19 01:36 - 2014-07-09 11:13 - 00051200 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2014-06-19 01:35 - 2014-07-09 11:13 - 00062464 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll
2014-06-19 01:33 - 2014-07-09 11:13 - 00631808 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-06-19 01:32 - 2014-07-09 11:13 - 02179072 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2014-06-19 01:28 - 2014-07-09 11:13 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2014-06-19 01:28 - 2014-07-09 11:13 - 00032768 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2014-06-19 01:27 - 2014-07-09 11:13 - 02040832 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2014-06-19 01:27 - 2014-07-09 11:13 - 01249280 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2014-06-19 01:25 - 2014-07-09 11:13 - 00442368 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2014-06-19 01:23 - 2014-07-09 11:13 - 00112128 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2014-06-19 01:22 - 2014-07-09 11:13 - 00592896 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2014-06-19 01:12 - 2014-07-09 11:13 - 00367616 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2014-06-19 01:06 - 2014-07-09 11:13 - 00032256 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-06-19 01:01 - 2014-07-09 11:13 - 00164864 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2014-06-19 00:59 - 2014-07-09 11:13 - 00069632 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2014-06-19 00:58 - 2014-07-09 11:13 - 02266112 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-06-19 00:58 - 2014-07-09 11:13 - 00239616 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2014-06-19 00:52 - 2014-07-09 11:13 - 04254720 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2014-06-19 00:51 - 2014-07-09 11:13 - 13527040 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-06-19 00:49 - 2014-07-09 11:13 - 00526336 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2014-06-19 00:46 - 2014-07-09 11:13 - 01068032 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll
2014-06-19 00:45 - 2014-07-09 11:13 - 01964544 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2014-06-19 00:35 - 2014-07-09 11:13 - 11742208 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2014-06-19 00:34 - 2014-07-09 11:13 - 01393664 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2014-06-19 00:15 - 2014-07-09 11:13 - 00846336 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2014-06-19 00:13 - 2014-07-09 11:13 - 01791488 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2014-06-19 00:09 - 2014-07-09 11:13 - 01139200 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2014-06-19 00:07 - 2014-07-09 11:13 - 00704512 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2014-06-18 04:18 - 2014-07-09 11:14 - 00692736 _____ (Microsoft Corporation) C:\windows\system32\osk.exe
2014-06-18 03:51 - 2014-07-09 11:14 - 00646144 _____ (Microsoft Corporation) C:\windows\SysWOW64\osk.exe
2014-06-18 03:10 - 2014-07-09 11:14 - 03157504 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys

Files to move or delete:
====================
C:\Users\smenz\AmazonMP3Downloader.exe
C:\Users\smenz\npAmazonMP3DownloaderPlugin101753.dll


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-07-08 16:06

==================== End Of Log ============================
--- --- ---

--- --- ---


2. Addition text:


FRST Logfile:

FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 15-07-2014 01
Ran by smenz (administrator) on NOTEBOOK-N5050 on 16-07-2014 19:56:17
Running from C:\Users\smenz\Desktop\Downloads
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(SurfRight B.V.) C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieSvc.exe
(Emsisoft GmbH) C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe
(Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AESTSr64.exe
(Atheros) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\Ath_CoexAgent.exe
(Atheros Commnucations) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AdminService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\psia.exe
(SoftThinks SAS) C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler.exe
() C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler64.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
(Panda Security) C:\Program Files (x86)\Panda USB Vaccine\USBVaccine.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(FileHippo.com) C:\Program Files (x86)\FileHippo.com\UpdateChecker.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\hidfind.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieCtrl.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApntEx.exe
(BillP Studios) C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\onenotem.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Emsisoft GmbH) C:\Program Files (x86)\Emsisoft Anti-Malware\a2guard.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieSvc.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\32\SbieSvc.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SandboxieRpcSs.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SandboxieCrypto.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [608112 2011-03-29] (Alps Electric Co., Ltd.)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1128448 2011-05-27] (IDT, Inc.)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [283160 2011-01-13] (Intel Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [emsisoft anti-malware] => c:\program files (x86)\emsisoft anti-malware\a2guard.exe [4841824 2014-07-09] (Emsisoft GmbH)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2732600908-1742709287-786376233-1000\...\Run: [FileHippo.com] => C:\Program Files (x86)\FileHippo.com\UpdateChecker.exe [307712 2012-11-23] (FileHippo.com)
HKU\S-1-5-21-2732600908-1742709287-786376233-1000\...\Run: [SandboxieControl] => C:\Program Files\Sandboxie\SbieCtrl.exe [784392 2014-05-29] (Sandboxie Holdings, LLC)
HKU\S-1-5-21-2732600908-1742709287-786376233-1000\...\Run: [] => [X]
HKU\S-1-5-21-2732600908-1742709287-786376233-1000\...\Run: [WinPatrol] => C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe [1128000 2014-06-03] (BillP Studios)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
ShortcutTarget: Secunia PSI Tray.lnk -> C:\Program Files (x86)\Secunia\PSI\psi_tray.exe (Secunia)
Startup: C:\Users\smenz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\An OneNote senden.lnk
ShortcutTarget: An OneNote senden.lnk -> C:\Program Files\Microsoft Office 15\root\office15\onenotem.exe (Microsoft Corporation)
Startup: C:\Users\smenz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk
ShortcutTarget: OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
ShellIconOverlayIdentifiers:  SkyDrive1 -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers:  SkyDrive2 -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers:  SkyDrive3 -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
ShellIconOverlayIdentifiers:  SkyDrivePro1 (ErrorConflict) -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers:  SkyDrivePro2 (SyncInProgress) -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers:  SkyDrivePro3 (InSync) -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32:  SkyDrive1 -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers-x32:  SkyDrive2 -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers-x32:  SkyDrive3 -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://dell.de.msn.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKLM-x32 - DefaultScope value is missing.
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre8\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre8\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation)
DPF: HKLM-x32 {6C269571-C6D7-4818-BCA4-32A035E8C884} hxxp://ccfiles.creative.com/Web/softwareupdate/su/ocx/15102/CTSUEng.cab
DPF: HKLM-x32 {D4B68B83-8710-488B-A692-D74B50BA558E} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
DPF: HKLM-x32 {F6ACF75C-C32C-447B-9BEF-46B766368D29} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/121022/CTPID.cab
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll No File
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll No File
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer - C:\windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()
FF Plugin: @java.com/DTPlugin,version=11.11.2 - C:\Program Files\Java\jre8\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.11.2 - C:\Program Files\Java\jre8\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nokia.com/EnablerPlugin - C:\Program Files (x86)\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll ( )
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: amazon.com/AmazonMP3DownloaderPlugin - C:\Users\smenz\npAmazonMP3DownloaderPlugin101753.dll (Amazon.com, Inc.)

Chrome: 
=======
CHR HomePage: 
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll No File
CHR Plugin: (Windows Live™ Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (AmazonMP3DownloaderPlugin) - C:\Users\smenz\npAmazonMP3DownloaderPlugin101753.dll (Amazon.com, Inc.)
CHR Plugin: (McAfee SecurityCenter) - c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll No File
CHR Extension: (HTTPS Everywhere) - C:\Users\smenz\AppData\Local\Google\Chrome\User Data\Default\Extensions\gcbommkclmclpchllfjekcdonpmejbdp [2013-06-12]
CHR Extension: (AdBlock) - C:\Users\smenz\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2013-06-12]
CHR Extension: (No Name) - C:\Users\smenz\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkjoindjjcmbdpbfppabdgflnkgbbcli [2013-06-11]
CHR Extension: (Ghostery) - C:\Users\smenz\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij [2013-06-12]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Services (Whitelisted) =================

R2 a2AntiMalware; C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe [4741384 2014-07-09] (Emsisoft GmbH)
R2 Atheros Bt&Wlan Coex Agent; C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\Ath_CoexAgent.exe [146592 2011-05-20] (Atheros) [File not signed]
R2 AtherosSvc; C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe [80032 2011-05-20] (Atheros Commnucations) [File not signed]
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2356408 2014-06-19] (Microsoft Corporation)
R2 hmpalertsvc; C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe [1889616 2014-07-03] (SurfRight B.V.)
R2 SbieSvc; C:\Program Files\Sandboxie\SbieSvc.exe [174088 2014-05-29] (Sandboxie Holdings, LLC)
R2 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1229528 2013-12-06] (Secunia)
S2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [662232 2013-12-06] (Secunia)
S4 McMPFSvc; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [X]

==================== Drivers (Whitelisted) ====================

R3 a2acc; C:\PROGRAM FILES (X86)\EMSISOFT ANTI-MALWARE\a2accx64.sys [71472 2014-05-12] (Emsisoft GmbH)
R1 A2DDA; C:\Program Files (x86)\Emsisoft Anti-Malware\a2ddax64.sys [26176 2013-03-28] (Emsisoft GmbH)
R1 a2injectiondriver; C:\Program Files (x86)\Emsisoft Anti-Malware\a2dix64.sys [45208 2013-09-30] (Emsisoft GmbH)
R1 a2util; C:\Program Files (x86)\Emsisoft Anti-Malware\a2util64.sys [23088 2014-05-12] (Emsisoft GmbH)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R3 cleanhlp; C:\Program Files (x86)\Emsisoft Anti-Malware\cleanhlp64.sys [57024 2013-12-04] (Emsisoft GmbH)
R2 hmpalert; C:\Windows\System32\drivers\hmpalert.sys [93144 2014-07-03] ()
R3 PSI; C:\Windows\System32\DRIVERS\psi_mf_amd64.sys [18456 2013-12-06] (Secunia)
R3 SbieDrv; C:\Program Files\Sandboxie\SbieDrv.sys [185352 2014-05-29] (Sandboxie Holdings, LLC)
S3 Serial; C:\Windows\system32\drivers\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)
S1 UimBus; C:\Windows\System32\DRIVERS\uimx64.sys [90960 2013-03-15] (Windows (R) 2000 DDK provider)
S1 Uim_IM; C:\Windows\System32\Drivers\Uim_IMx64.sys [633680 2013-03-15] (Paragon)
S1 Uim_VIM; C:\Windows\System32\Drivers\uim_vimx64.sys [390352 2013-03-15] (Paragon)
S3 PCDSRVC{D3412D80-CF3B4A27-06020200}_0; \??\c:\program files\my dell\pcdsrvc_x64.pkms [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-07-16 19:56 - 2014-07-16 19:56 - 00000000 ____D () C:\FRST
2014-07-16 18:32 - 2014-07-16 18:31 - 00321448 _____ (Oracle Corporation) C:\windows\system32\javaws.exe
2014-07-15 09:09 - 2014-07-16 18:51 - 00000280 _____ () C:\windows\setupact.log
2014-07-15 09:09 - 2014-07-15 09:09 - 00000000 _____ () C:\windows\setuperr.log
2014-07-09 11:14 - 2014-06-30 04:09 - 00519168 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll
2014-07-09 11:14 - 2014-06-30 04:04 - 00424448 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2014-07-09 11:14 - 2014-06-18 04:18 - 00692736 _____ (Microsoft Corporation) C:\windows\system32\osk.exe
2014-07-09 11:14 - 2014-06-18 03:51 - 00646144 _____ (Microsoft Corporation) C:\windows\SysWOW64\osk.exe
2014-07-09 11:14 - 2014-06-18 03:10 - 03157504 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2014-07-09 11:14 - 2014-06-06 12:10 - 00624128 _____ (Microsoft Corporation) C:\windows\system32\qedit.dll
2014-07-09 11:14 - 2014-06-06 11:44 - 00509440 _____ (Microsoft Corporation) C:\windows\SysWOW64\qedit.dll
2014-07-09 11:14 - 2014-05-30 08:45 - 00497152 _____ (Microsoft Corporation) C:\windows\system32\Drivers\afd.sys
2014-07-09 11:13 - 2014-06-20 22:14 - 00266424 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2014-07-09 11:13 - 2014-06-20 21:39 - 00240824 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2014-07-09 11:13 - 2014-06-19 03:39 - 23464448 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-07-09 11:13 - 2014-06-19 03:06 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-07-09 11:13 - 2014-06-19 03:06 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2014-07-09 11:13 - 2014-06-19 02:48 - 02768384 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-07-09 11:13 - 2014-06-19 02:42 - 00548352 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2014-07-09 11:13 - 2014-06-19 02:42 - 00066048 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2014-07-09 11:13 - 2014-06-19 02:41 - 00083968 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2014-07-09 11:13 - 2014-06-19 02:41 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2014-07-09 11:13 - 2014-06-19 02:32 - 00051200 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2014-07-09 11:13 - 2014-06-19 02:31 - 00033792 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2014-07-09 11:13 - 2014-06-19 02:26 - 00598016 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2014-07-09 11:13 - 2014-06-19 02:24 - 00139264 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2014-07-09 11:13 - 2014-06-19 02:24 - 00111616 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2014-07-09 11:13 - 2014-06-19 02:23 - 00752640 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2014-07-09 11:13 - 2014-06-19 02:16 - 17276416 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2014-07-09 11:13 - 2014-06-19 02:14 - 00940032 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2014-07-09 11:13 - 2014-06-19 02:09 - 00452608 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2014-07-09 11:13 - 2014-06-19 01:59 - 00038400 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2014-07-09 11:13 - 2014-06-19 01:56 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2014-07-09 11:13 - 2014-06-19 01:53 - 00195584 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2014-07-09 11:13 - 2014-06-19 01:51 - 05721088 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2014-07-09 11:13 - 2014-06-19 01:50 - 00085504 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2014-07-09 11:13 - 2014-06-19 01:48 - 00292864 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2014-07-09 11:13 - 2014-06-19 01:39 - 00608768 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2014-07-09 11:13 - 2014-06-19 01:38 - 00455168 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2014-07-09 11:13 - 2014-06-19 01:37 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2014-07-09 11:13 - 2014-06-19 01:36 - 00051200 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2014-07-09 11:13 - 2014-06-19 01:35 - 00062464 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll
2014-07-09 11:13 - 2014-06-19 01:33 - 00631808 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-07-09 11:13 - 2014-06-19 01:32 - 02179072 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2014-07-09 11:13 - 2014-06-19 01:28 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2014-07-09 11:13 - 2014-06-19 01:28 - 00032768 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2014-07-09 11:13 - 2014-06-19 01:27 - 02040832 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2014-07-09 11:13 - 2014-06-19 01:27 - 01249280 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2014-07-09 11:13 - 2014-06-19 01:25 - 00442368 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2014-07-09 11:13 - 2014-06-19 01:23 - 00112128 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2014-07-09 11:13 - 2014-06-19 01:22 - 00592896 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2014-07-09 11:13 - 2014-06-19 01:12 - 00367616 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2014-07-09 11:13 - 2014-06-19 01:06 - 00032256 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-07-09 11:13 - 2014-06-19 01:01 - 00164864 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2014-07-09 11:13 - 2014-06-19 00:59 - 00069632 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2014-07-09 11:13 - 2014-06-19 00:58 - 02266112 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-07-09 11:13 - 2014-06-19 00:58 - 00239616 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2014-07-09 11:13 - 2014-06-19 00:52 - 04254720 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2014-07-09 11:13 - 2014-06-19 00:51 - 13527040 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-07-09 11:13 - 2014-06-19 00:49 - 00526336 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2014-07-09 11:13 - 2014-06-19 00:46 - 01068032 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll
2014-07-09 11:13 - 2014-06-19 00:45 - 01964544 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2014-07-09 11:13 - 2014-06-19 00:35 - 11742208 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2014-07-09 11:13 - 2014-06-19 00:34 - 01393664 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2014-07-09 11:13 - 2014-06-19 00:15 - 00846336 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2014-07-09 11:13 - 2014-06-19 00:13 - 01791488 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2014-07-09 11:13 - 2014-06-19 00:09 - 01139200 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2014-07-09 11:13 - 2014-06-19 00:07 - 00704512 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2014-07-09 11:13 - 2014-05-30 10:08 - 00728064 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll
2014-07-09 11:13 - 2014-05-30 10:08 - 00340992 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll
2014-07-09 11:13 - 2014-05-30 10:08 - 00314880 _____ (Microsoft Corporation) C:\windows\system32\msv1_0.dll
2014-07-09 11:13 - 2014-05-30 10:08 - 00307200 _____ (Microsoft Corporation) C:\windows\system32\ncrypt.dll
2014-07-09 11:13 - 2014-05-30 10:08 - 00210944 _____ (Microsoft Corporation) C:\windows\system32\wdigest.dll
2014-07-09 11:13 - 2014-05-30 10:08 - 00086528 _____ (Microsoft Corporation) C:\windows\system32\TSpkg.dll
2014-07-09 11:13 - 2014-05-30 10:08 - 00022016 _____ (Microsoft Corporation) C:\windows\system32\credssp.dll
2014-07-09 11:13 - 2014-05-30 09:52 - 00550912 _____ (Microsoft Corporation) C:\windows\SysWOW64\kerberos.dll
2014-07-09 11:13 - 2014-05-30 09:52 - 00259584 _____ (Microsoft Corporation) C:\windows\SysWOW64\msv1_0.dll
2014-07-09 11:13 - 2014-05-30 09:52 - 00247808 _____ (Microsoft Corporation) C:\windows\SysWOW64\schannel.dll
2014-07-09 11:13 - 2014-05-30 09:52 - 00220160 _____ (Microsoft Corporation) C:\windows\SysWOW64\ncrypt.dll
2014-07-09 11:13 - 2014-05-30 09:52 - 00172032 _____ (Microsoft Corporation) C:\windows\SysWOW64\wdigest.dll
2014-07-09 11:13 - 2014-05-30 09:52 - 00065536 _____ (Microsoft Corporation) C:\windows\SysWOW64\TSpkg.dll
2014-07-09 11:13 - 2014-05-30 09:52 - 00017408 _____ (Microsoft Corporation) C:\windows\SysWOW64\credssp.dll
2014-07-09 11:12 - 2014-06-05 16:45 - 01460736 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
2014-07-09 11:12 - 2014-06-05 16:26 - 00022016 _____ (Microsoft Corporation) C:\windows\SysWOW64\secur32.dll
2014-07-09 11:12 - 2014-06-05 16:25 - 00096768 _____ (Microsoft Corporation) C:\windows\SysWOW64\sspicli.dll
2014-07-03 15:37 - 2014-07-16 18:53 - 00000000 ____D () C:\windows\CryptoGuard
2014-07-03 15:37 - 2014-07-03 15:37 - 00548424 _____ (SurfRight) C:\windows\system32\hmpalert.dll
2014-07-03 15:37 - 2014-07-03 15:37 - 00477008 _____ (SurfRight) C:\windows\SysWOW64\hmpalert.dll
2014-07-03 15:37 - 2014-07-03 15:37 - 00093144 _____ () C:\windows\system32\Drivers\hmpalert.sys
2014-07-03 15:37 - 2014-07-03 15:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro.Alert
2014-07-03 15:37 - 2014-07-03 15:37 - 00000000 ____D () C:\ProgramData\HitmanPro.Alert
2014-07-03 15:37 - 2014-07-03 15:37 - 00000000 ____D () C:\Program Files (x86)\HitmanPro.Alert
2014-06-21 21:16 - 2014-07-14 12:33 - 00000000 ____D () C:\Program Files (x86)\SpywareBlaster
2014-06-21 21:16 - 2014-06-21 21:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpywareBlaster
2014-06-21 21:16 - 2014-06-21 21:16 - 00000000 ____D () C:\ProgramData\Licenses
2014-06-21 21:16 - 2009-03-24 12:52 - 00129872 _____ (Microsoft Corporation) C:\windows\SysWOW64\MSSTDFMT.DLL
2014-06-21 16:49 - 2014-06-21 16:50 - 00001691 _____ () C:\DelFix.txt
2014-06-20 16:03 - 2014-06-20 16:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPatrol
2014-06-20 16:03 - 2014-06-20 16:03 - 00000000 ____D () C:\ProgramData\InstallMate
2014-06-20 16:03 - 2014-06-20 16:03 - 00000000 ____D () C:\Program Files (x86)\BillP Studios
2014-06-20 15:56 - 2014-06-20 15:56 - 00000000 ____D () C:\Users\smenz\AppData\Roaming\WinPatrol
2014-06-20 15:14 - 2014-01-09 04:22 - 05694464 _____ (Microsoft Corporation) C:\windows\SysWOW64\mstscax.dll
2014-06-20 15:14 - 2014-01-04 00:44 - 06574592 _____ (Microsoft Corporation) C:\windows\system32\mstscax.dll
2014-06-20 15:03 - 2013-10-02 04:22 - 00056832 _____ (Microsoft Corporation) C:\windows\system32\Drivers\TsUsbFlt.sys
2014-06-20 15:03 - 2013-10-02 04:11 - 00013824 _____ (Microsoft Corporation) C:\windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2014-06-20 15:03 - 2013-10-02 04:08 - 00012800 _____ (Microsoft Corporation) C:\windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2014-06-20 15:03 - 2013-10-02 03:48 - 00056832 _____ (Microsoft Corporation) C:\windows\system32\MsRdpWebAccess.dll
2014-06-20 15:03 - 2013-10-02 03:48 - 00018944 _____ (Microsoft Corporation) C:\windows\system32\wksprtPS.dll
2014-06-20 15:03 - 2013-10-02 03:29 - 00062976 _____ (Microsoft Corporation) C:\windows\system32\tsgqec.dll
2014-06-20 15:03 - 2013-10-02 03:10 - 00044544 _____ (Microsoft Corporation) C:\windows\system32\TsUsbGDCoInstaller.dll
2014-06-20 15:03 - 2013-10-02 02:15 - 01057280 _____ (Microsoft Corporation) C:\windows\system32\rdvidcrl.dll
2014-06-20 15:03 - 2013-10-02 02:14 - 00050176 _____ (Microsoft Corporation) C:\windows\SysWOW64\MsRdpWebAccess.dll
2014-06-20 15:03 - 2013-10-02 02:14 - 00017920 _____ (Microsoft Corporation) C:\windows\SysWOW64\wksprtPS.dll
2014-06-20 15:03 - 2013-10-02 02:08 - 00083968 _____ (Microsoft Corporation) C:\windows\system32\TSWbPrxy.exe
2014-06-20 15:03 - 2013-10-02 02:01 - 00420864 _____ (Microsoft Corporation) C:\windows\system32\wksprt.exe
2014-06-20 15:03 - 2013-10-02 01:58 - 00053248 _____ (Microsoft Corporation) C:\windows\SysWOW64\tsgqec.dll
2014-06-20 15:03 - 2013-10-02 01:31 - 01147392 _____ (Microsoft Corporation) C:\windows\system32\mstsc.exe
2014-06-20 15:03 - 2013-10-02 01:08 - 00855552 _____ (Microsoft Corporation) C:\windows\SysWOW64\rdvidcrl.dll
2014-06-20 15:03 - 2013-10-02 00:34 - 01068544 _____ (Microsoft Corporation) C:\windows\SysWOW64\mstsc.exe
2014-06-20 15:01 - 2013-09-25 04:23 - 01030144 _____ (Microsoft Corporation) C:\windows\system32\TSWorkspace.dll
2014-06-20 15:01 - 2013-09-25 03:57 - 00792576 _____ (Microsoft Corporation) C:\windows\SysWOW64\TSWorkspace.dll
2014-06-20 14:55 - 2014-07-16 18:31 - 00191400 _____ (Oracle Corporation) C:\windows\system32\javaw.exe
2014-06-20 14:55 - 2014-07-16 18:31 - 00190888 _____ (Oracle Corporation) C:\windows\system32\java.exe
2014-06-20 14:55 - 2014-07-16 18:31 - 00111016 _____ (Oracle Corporation) C:\windows\system32\WindowsAccessBridge-64.dll
2014-06-20 14:48 - 2014-06-20 14:48 - 00001071 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Secunia PSI.lnk
2014-06-19 11:53 - 2014-06-19 11:53 - 00000000 ____D () C:\ProgramData\Emsisoft
2014-06-17 15:16 - 2014-06-21 16:49 - 00000000 ____D () C:\windows\ERUNT
2014-06-17 15:04 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\windows\SysWOW64\sqlite3.dll

==================== One Month Modified Files and Folders =======

2014-07-16 19:56 - 2014-07-16 19:56 - 00000000 ____D () C:\FRST
2014-07-16 19:54 - 2013-06-12 23:38 - 00000000 ____D () C:\Program Files (x86)\Emsisoft Anti-Malware
2014-07-16 19:53 - 2012-07-04 16:43 - 01230695 _____ () C:\windows\WindowsUpdate.log
2014-07-16 19:48 - 2012-10-19 15:42 - 00001108 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-07-16 19:19 - 2014-02-21 20:01 - 00000884 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2014-07-16 18:59 - 2009-07-14 06:45 - 00020720 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-07-16 18:59 - 2009-07-14 06:45 - 00020720 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-07-16 18:53 - 2014-07-03 15:37 - 00000000 ____D () C:\windows\CryptoGuard
2014-07-16 18:52 - 2012-10-19 15:42 - 00001104 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-07-16 18:52 - 2012-07-04 17:32 - 00000000 ____D () C:\Users\Default\AppData\Local\SoftThinks
2014-07-16 18:52 - 2012-07-04 17:32 - 00000000 ____D () C:\Users\Default User\AppData\Local\SoftThinks
2014-07-16 18:51 - 2014-07-15 09:09 - 00000280 _____ () C:\windows\setupact.log
2014-07-16 18:51 - 2012-07-04 17:21 - 00000000 ____D () C:\Program Files (x86)\Dell DataSafe Local Backup
2014-07-16 18:51 - 2009-07-14 07:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-07-16 18:51 - 2009-07-14 05:20 - 00000000 ____D () C:\windows\Speech
2014-07-16 18:33 - 2014-06-11 15:29 - 00122584 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2014-07-16 18:31 - 2014-07-16 18:32 - 00321448 _____ (Oracle Corporation) C:\windows\system32\javaws.exe
2014-07-16 18:31 - 2014-06-20 14:55 - 00191400 _____ (Oracle Corporation) C:\windows\system32\javaw.exe
2014-07-16 18:31 - 2014-06-20 14:55 - 00190888 _____ (Oracle Corporation) C:\windows\system32\java.exe
2014-07-16 18:31 - 2014-06-20 14:55 - 00111016 _____ (Oracle Corporation) C:\windows\system32\WindowsAccessBridge-64.dll
2014-07-16 18:31 - 2014-01-24 11:42 - 00000000 ____D () C:\Program Files\Java
2014-07-15 20:41 - 2012-10-20 20:53 - 00000000 ____D () C:\Users\smenz\Documents\My Kindle Content
2014-07-15 14:45 - 2013-06-13 16:03 - 00000000 ____D () C:\Users\smenz\AppData\Roaming\Skype
2014-07-15 09:09 - 2014-07-15 09:09 - 00000000 _____ () C:\windows\setuperr.log
2014-07-14 12:33 - 2014-06-21 21:16 - 00000000 ____D () C:\Program Files (x86)\SpywareBlaster
2014-07-14 12:33 - 2012-07-04 16:56 - 00000000 ____D () C:\ProgramData\Temp
2014-07-14 11:06 - 2012-07-04 19:31 - 00699666 _____ () C:\windows\system32\perfh007.dat
2014-07-14 11:06 - 2012-07-04 19:31 - 00149774 _____ () C:\windows\system32\perfc007.dat
2014-07-14 11:06 - 2009-07-14 07:13 - 01620612 _____ () C:\windows\system32\PerfStringBackup.INI
2014-07-14 09:50 - 2013-06-13 17:13 - 00004588 _____ () C:\windows\Sandboxie.ini
2014-07-13 17:07 - 2014-04-06 19:24 - 00077414 _____ () C:\Users\smenz\Desktop\Übersicht Prozessarbeit 2.xlsx
2014-07-12 18:50 - 2012-12-06 20:05 - 00000000 ____D () C:\Users\smenz\Documents\Booksmarks
2014-07-12 18:40 - 2012-11-29 22:16 - 00000000 ____D () C:\Users\smenz\Documents\ELLA
2014-07-12 18:25 - 2012-10-19 17:43 - 00000000 ____D () C:\Users\smenz\Documents\OneNote-Notizbücher
2014-07-12 12:45 - 2013-05-23 14:08 - 00000000 ____D () C:\Program Files\My Dell
2014-07-12 10:05 - 2013-05-23 14:09 - 00003440 _____ () C:\windows\System32\Tasks\PCDEventLauncherTask
2014-07-10 16:20 - 2012-10-19 18:36 - 00000000 ____D () C:\Users\smenz\AppData\Local\Microsoft Games
2014-07-10 13:32 - 2012-07-04 17:15 - 00000000 ____D () C:\ProgramData\Skype
2014-07-10 13:08 - 2014-05-19 00:35 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2014-07-09 17:00 - 2009-07-14 05:20 - 00000000 ____D () C:\windows\rescache
2014-07-09 15:25 - 2009-07-14 06:45 - 00492792 _____ () C:\windows\system32\FNTCACHE.DAT
2014-07-09 15:23 - 2014-05-07 02:27 - 00000000 ___SD () C:\windows\system32\CompatTel
2014-07-09 15:23 - 2012-07-04 19:34 - 00000000 ____D () C:\Program Files\Windows Journal
2014-07-09 15:23 - 2009-07-14 05:20 - 00000000 ____D () C:\windows\SysWOW64\Dism
2014-07-09 15:23 - 2009-07-14 05:20 - 00000000 ____D () C:\windows\system32\Dism
2014-07-09 15:12 - 2012-10-19 17:33 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-07-09 15:10 - 2013-08-15 21:53 - 00000000 ____D () C:\windows\system32\MRT
2014-07-09 15:04 - 2012-10-24 13:56 - 96441528 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2014-07-08 21:19 - 2014-02-21 20:01 - 00003822 _____ () C:\windows\System32\Tasks\Adobe Flash Player Updater
2014-07-08 21:19 - 2013-06-11 14:08 - 00699056 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2014-07-08 21:19 - 2013-06-11 14:08 - 00071344 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-07-05 00:10 - 2012-10-19 17:47 - 00000000 ____D () C:\Users\smenz\AppData\Local\CrashDumps
2014-07-04 09:42 - 2013-12-28 21:30 - 00469383 _____ () C:\Users\smenz\Desktop\Budget 2014.xlsx
2014-07-03 15:37 - 2014-07-03 15:37 - 00548424 _____ (SurfRight) C:\windows\system32\hmpalert.dll
2014-07-03 15:37 - 2014-07-03 15:37 - 00477008 _____ (SurfRight) C:\windows\SysWOW64\hmpalert.dll
2014-07-03 15:37 - 2014-07-03 15:37 - 00093144 _____ () C:\windows\system32\Drivers\hmpalert.sys
2014-07-03 15:37 - 2014-07-03 15:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro.Alert
2014-07-03 15:37 - 2014-07-03 15:37 - 00000000 ____D () C:\ProgramData\HitmanPro.Alert
2014-07-03 15:37 - 2014-07-03 15:37 - 00000000 ____D () C:\Program Files (x86)\HitmanPro.Alert
2014-07-03 00:08 - 2014-05-31 19:53 - 00001104 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 9.lnk
2014-07-01 18:58 - 2012-10-19 13:19 - 00000000 ___RD () C:\Users\smenz\Eigene Bilder
2014-06-30 04:09 - 2014-07-09 11:14 - 00519168 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll
2014-06-30 04:04 - 2014-07-09 11:14 - 00424448 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2014-06-29 13:04 - 2013-07-02 18:12 - 00023731 _____ () C:\Users\smenz\Desktop\Books Releases.xlsx
2014-06-26 14:51 - 2013-06-17 16:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-06-26 14:51 - 2013-06-17 16:48 - 00000000 ____D () C:\Program Files\CCleaner
2014-06-25 18:43 - 2012-10-19 15:42 - 00004104 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-06-25 18:43 - 2012-10-19 15:42 - 00003852 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-06-24 11:24 - 2012-07-04 19:34 - 00000000 ___RD () C:\Users\Public\Recorded TV
2014-06-22 20:06 - 2013-05-08 13:43 - 00000000 ____D () C:\Users\smenz\AppData\Local\Windows Live
2014-06-21 21:16 - 2014-06-21 21:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpywareBlaster
2014-06-21 21:16 - 2014-06-21 21:16 - 00000000 ____D () C:\ProgramData\Licenses
2014-06-21 16:50 - 2014-06-21 16:49 - 00001691 _____ () C:\DelFix.txt
2014-06-21 16:49 - 2014-06-17 15:16 - 00000000 ____D () C:\windows\ERUNT
2014-06-21 15:28 - 2012-07-04 16:57 - 00000000 ____D () C:\Program Files (x86)\Dell
2014-06-21 15:28 - 2012-07-04 16:52 - 00000000 ____D () C:\ProgramData\Dell
2014-06-21 15:19 - 2012-07-04 17:16 - 00000000 ____D () C:\ProgramData\WildTangent
2014-06-21 15:19 - 2009-07-14 07:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-06-20 22:14 - 2014-07-09 11:13 - 00266424 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2014-06-20 21:39 - 2014-07-09 11:13 - 00240824 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2014-06-20 16:03 - 2014-06-20 16:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPatrol
2014-06-20 16:03 - 2014-06-20 16:03 - 00000000 ____D () C:\ProgramData\InstallMate
2014-06-20 16:03 - 2014-06-20 16:03 - 00000000 ____D () C:\Program Files (x86)\BillP Studios
2014-06-20 15:56 - 2014-06-20 15:56 - 00000000 ____D () C:\Users\smenz\AppData\Roaming\WinPatrol
2014-06-20 15:03 - 2012-06-08 10:48 - 01594892 _____ () C:\windows\SysWOW64\PerfStringBackup.INI
2014-06-20 14:53 - 2012-10-21 22:51 - 00000000 ____D () C:\Program Files (x86)\MSXML 4.0
2014-06-20 14:48 - 2014-06-20 14:48 - 00001071 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Secunia PSI.lnk
2014-06-19 11:53 - 2014-06-19 11:53 - 00000000 ____D () C:\ProgramData\Emsisoft
2014-06-19 03:39 - 2014-07-09 11:13 - 23464448 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-06-19 03:06 - 2014-07-09 11:13 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-06-19 03:06 - 2014-07-09 11:13 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2014-06-19 02:48 - 2014-07-09 11:13 - 02768384 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-06-19 02:42 - 2014-07-09 11:13 - 00548352 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2014-06-19 02:42 - 2014-07-09 11:13 - 00066048 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2014-06-19 02:41 - 2014-07-09 11:13 - 00083968 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2014-06-19 02:41 - 2014-07-09 11:13 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2014-06-19 02:32 - 2014-07-09 11:13 - 00051200 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2014-06-19 02:31 - 2014-07-09 11:13 - 00033792 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2014-06-19 02:26 - 2014-07-09 11:13 - 00598016 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2014-06-19 02:24 - 2014-07-09 11:13 - 00139264 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2014-06-19 02:24 - 2014-07-09 11:13 - 00111616 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2014-06-19 02:23 - 2014-07-09 11:13 - 00752640 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2014-06-19 02:16 - 2014-07-09 11:13 - 17276416 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2014-06-19 02:14 - 2014-07-09 11:13 - 00940032 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2014-06-19 02:09 - 2014-07-09 11:13 - 00452608 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2014-06-19 01:59 - 2014-07-09 11:13 - 00038400 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2014-06-19 01:56 - 2014-07-09 11:13 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2014-06-19 01:53 - 2014-07-09 11:13 - 00195584 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2014-06-19 01:51 - 2014-07-09 11:13 - 05721088 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2014-06-19 01:50 - 2014-07-09 11:13 - 00085504 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2014-06-19 01:48 - 2014-07-09 11:13 - 00292864 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2014-06-19 01:39 - 2014-07-09 11:13 - 00608768 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2014-06-19 01:38 - 2014-07-09 11:13 - 00455168 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2014-06-19 01:37 - 2014-07-09 11:13 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2014-06-19 01:36 - 2014-07-09 11:13 - 00051200 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2014-06-19 01:35 - 2014-07-09 11:13 - 00062464 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll
2014-06-19 01:33 - 2014-07-09 11:13 - 00631808 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-06-19 01:32 - 2014-07-09 11:13 - 02179072 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2014-06-19 01:28 - 2014-07-09 11:13 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2014-06-19 01:28 - 2014-07-09 11:13 - 00032768 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2014-06-19 01:27 - 2014-07-09 11:13 - 02040832 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2014-06-19 01:27 - 2014-07-09 11:13 - 01249280 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2014-06-19 01:25 - 2014-07-09 11:13 - 00442368 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2014-06-19 01:23 - 2014-07-09 11:13 - 00112128 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2014-06-19 01:22 - 2014-07-09 11:13 - 00592896 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2014-06-19 01:12 - 2014-07-09 11:13 - 00367616 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2014-06-19 01:06 - 2014-07-09 11:13 - 00032256 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-06-19 01:01 - 2014-07-09 11:13 - 00164864 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2014-06-19 00:59 - 2014-07-09 11:13 - 00069632 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2014-06-19 00:58 - 2014-07-09 11:13 - 02266112 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-06-19 00:58 - 2014-07-09 11:13 - 00239616 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2014-06-19 00:52 - 2014-07-09 11:13 - 04254720 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2014-06-19 00:51 - 2014-07-09 11:13 - 13527040 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-06-19 00:49 - 2014-07-09 11:13 - 00526336 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2014-06-19 00:46 - 2014-07-09 11:13 - 01068032 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll
2014-06-19 00:45 - 2014-07-09 11:13 - 01964544 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2014-06-19 00:35 - 2014-07-09 11:13 - 11742208 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2014-06-19 00:34 - 2014-07-09 11:13 - 01393664 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2014-06-19 00:15 - 2014-07-09 11:13 - 00846336 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2014-06-19 00:13 - 2014-07-09 11:13 - 01791488 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2014-06-19 00:09 - 2014-07-09 11:13 - 01139200 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2014-06-19 00:07 - 2014-07-09 11:13 - 00704512 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2014-06-18 04:18 - 2014-07-09 11:14 - 00692736 _____ (Microsoft Corporation) C:\windows\system32\osk.exe
2014-06-18 03:51 - 2014-07-09 11:14 - 00646144 _____ (Microsoft Corporation) C:\windows\SysWOW64\osk.exe
2014-06-18 03:10 - 2014-07-09 11:14 - 03157504 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys

Files to move or delete:
====================
C:\Users\smenz\AmazonMP3Downloader.exe
C:\Users\smenz\npAmazonMP3DownloaderPlugin101753.dll


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-07-08 16:06

==================== End Of Log ============================
--- --- ---

--- --- ---



3. Noch etwas, eben beim Surfen bin ich auf folgende Seite umgeleitet worden:

Bitte aktualisieren Sie auf die neueste Version Java Script oder so.
www.lpmxp2029.com


hxxp://www.lpmxp2029.com/5E6B447866497643706C78496D7C402897231381A371AE5DE0CC5CF0A887DD424C747AAF8A72E72CAF1A9A1AD1641F15?affid=13125&tgu_src_lp_domain=www.dllsoftultimate.com &r=1091410372

Das ist die ausführliche Adresse!


Habe nicht drauf geklickt! Auch noch nicht den Verlauf geleert. Und das, obwohl ich eben Javascript upgedatet habe! Seltsam!

4. WinPatrol Alert immer wieder wenn Notizen geöffnet:

c;\windows\system32\StikyNot.exe

Bisher habe ich immer reject change angeklickt, richtig?

Ach ja, PC bzw. Laptop mit Windows 7, 64 bit system.

Liebe Grüße nach München,
Sonja
__________________
Geändert von solonia (16.07.2014 um 19:09 Uhr)

Alt 17.07.2014, 15:15   #4
schrauber
/// the machine
/// TB-Ausbilder
 
Malwarebythe hat 3 verdächtige Elemente gefunden!Gmx-account ständig mit spam trotz Filter! - Standard

Malwarebythe hat 3 verdächtige Elemente gefunden!Gmx-account ständig mit spam trotz Filter!


hi,

Scan mit Combofix
WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link
  • WICHTIG: Speichere Combofix auf deinem Desktop.
  • Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.
  • Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.
  • Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!
  • Wenn Combofix fertig ist, wird es ein Logfile erstellen.
  • Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).
Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 17.07.2014, 16:48   #5
solonia
 
Malwarebythe hat 3 verdächtige Elemente gefunden!Gmx-account ständig mit spam trotz Filter! - Standard

Malwarebythe hat 3 verdächtige Elemente gefunden!Gmx-account ständig mit spam trotz Filter!


Lieber Schrauber,

ich habe Combofix laufen lassen. Emsisoft, Spywareblaster, Hitman Alert vorher enabled. Trotzdem meckerte Combofix und meinte, Emsisoft sei nicht deaktiviert.

Habe trotzdem, wie in Ihrer Anleitung, Combofix laufen lassen.

Hier ist das Logfile:

Code:
ATTFilter
 AV: Emsisoft Anti-Malware *Enabled/Updated* {8504DEEF-CC04-1F76-2137-F1A5F4A659DA}
SP: Emsisoft Anti-Malware *Enabled/Updated* {3E653F0B-EA3E-10F8-1B87-CAD78F211367}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((   Dateien erstellt von 2014-06-17 bis 2014-07-17  ))))))))))))))))))))))))))))))
.
.
2014-07-17 15:39 . 2014-07-17 15:39	--------	d-----w-	c:\users\Solonia\AppData\Local\temp
2014-07-17 15:39 . 2014-07-17 15:39	--------	d-----w-	c:\users\Public\AppData\Local\temp
2014-07-17 15:39 . 2014-07-17 15:39	--------	d-----w-	c:\users\Default\AppData\Local\temp
2014-07-17 15:35 . 2014-07-17 15:35	75888	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{7709606B-891D-4112-B933-C49721E4B07A}\offreg.dll
2014-07-16 17:56 . 2014-07-16 17:57	--------	d-----w-	C:\FRST
2014-07-16 16:32 . 2014-07-16 16:32	--------	d-----w-	c:\program files (x86)\Common Files\Java
2014-07-16 16:32 . 2014-07-16 16:31	321448	----a-w-	c:\windows\system32\javaws.exe
2014-07-16 16:28 . 2014-07-02 03:09	10924376	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{7709606B-891D-4112-B933-C49721E4B07A}\mpengine.dll
2014-07-10 11:31 . 2014-07-10 11:31	--------	d-----w-	c:\program files (x86)\Common Files\Skype
2014-07-09 09:13 . 2014-05-30 08:08	340992	----a-w-	c:\windows\system32\schannel.dll
2014-07-09 09:12 . 2014-06-05 14:45	1460736	----a-w-	c:\windows\system32\lsasrv.dll
2014-07-09 09:12 . 2014-06-05 14:26	22016	----a-w-	c:\windows\SysWow64\secur32.dll
2014-07-09 09:12 . 2014-06-05 14:25	96768	----a-w-	c:\windows\SysWow64\sspicli.dll
2014-07-03 13:37 . 2014-07-03 13:37	--------	d-----w-	c:\programdata\HitmanPro.Alert
2014-07-03 13:37 . 2014-07-17 15:09	--------	d-----w-	c:\windows\CryptoGuard
2014-07-03 13:37 . 2014-07-03 13:37	93144	----a-w-	c:\windows\system32\drivers\hmpalert.sys
2014-07-03 13:37 . 2014-07-03 13:37	548424	----a-w-	c:\windows\system32\hmpalert.dll
2014-07-03 13:37 . 2014-07-03 13:37	477008	----a-w-	c:\windows\SysWow64\hmpalert.dll
2014-07-03 13:37 . 2014-07-03 13:37	--------	d-----w-	c:\program files (x86)\HitmanPro.Alert
2014-06-21 19:16 . 2014-06-21 19:16	--------	d-----w-	c:\programdata\Licenses
2014-06-21 19:16 . 2014-07-14 10:33	--------	d-----w-	c:\program files (x86)\SpywareBlaster
2014-06-21 19:16 . 2009-03-24 10:52	129872	----a-w-	c:\windows\SysWow64\MSSTDFMT.DLL
2014-06-20 14:03 . 2014-06-20 14:03	--------	d-----w-	c:\programdata\InstallMate
2014-06-20 14:03 . 2014-06-20 14:03	--------	d-----w-	c:\program files (x86)\BillP Studios
2014-06-20 13:56 . 2014-06-20 13:56	--------	d-----w-	c:\users\smenz\AppData\Roaming\WinPatrol
2014-06-20 13:14 . 2014-01-09 02:22	5694464	----a-w-	c:\windows\SysWow64\mstscax.dll
2014-06-20 13:14 . 2014-01-03 22:44	6574592	----a-w-	c:\windows\system32\mstscax.dll
2014-06-20 13:01 . 2013-09-25 02:23	1030144	----a-w-	c:\windows\system32\TSWorkspace.dll
2014-06-20 13:01 . 2013-09-25 01:57	792576	----a-w-	c:\windows\SysWow64\TSWorkspace.dll
2014-06-20 12:55 . 2014-07-16 16:31	111016	----a-w-	c:\windows\system32\WindowsAccessBridge-64.dll
2014-06-20 12:55 . 2014-07-16 16:31	191400	----a-w-	c:\windows\system32\javaw.exe
2014-06-20 12:55 . 2014-07-16 16:31	190888	----a-w-	c:\windows\system32\java.exe
2014-06-19 09:53 . 2014-06-19 09:53	--------	d-----w-	c:\programdata\Emsisoft
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-07-16 16:33 . 2014-06-11 13:29	122584	----a-w-	c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-07-09 13:04 . 2012-10-24 11:56	96441528	----a-w-	c:\windows\system32\MRT.exe
2014-07-08 19:19 . 2013-06-11 12:08	71344	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-07-08 19:19 . 2013-06-11 12:08	699056	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2014-06-03 08:41 . 2014-05-18 21:09	589008	----a-w-	c:\programdata\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe
2014-05-12 05:26 . 2014-06-11 13:29	63704	----a-w-	c:\windows\system32\drivers\mwac.sys
2014-05-12 05:26 . 2014-06-11 13:29	91352	----a-w-	c:\windows\system32\drivers\mbamchameleon.sys
2014-05-12 05:25 . 2013-06-19 08:07	25816	----a-w-	c:\windows\system32\drivers\mbam.sys
2014-05-08 09:32 . 2014-06-12 12:46	16384	----a-w-	c:\windows\system32\RdpGroupPolicyExtension.dll
2014-05-08 09:32 . 2014-06-12 12:46	3178496	----a-w-	c:\windows\system32\rdpcorets.dll
2014-04-25 02:34 . 2014-06-12 12:46	801280	----a-w-	c:\windows\system32\usp10.dll
2014-04-25 02:06 . 2014-06-12 12:46	626688	----a-w-	c:\windows\SysWow64\usp10.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2014-05-18 20:31	223432	----a-w-	c:\users\smenz\AppData\Local\Microsoft\SkyDrive\17.0.4041.0512\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2014-05-18 20:31	223432	----a-w-	c:\users\smenz\AppData\Local\Microsoft\SkyDrive\17.0.4041.0512\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2014-05-18 20:31	223432	----a-w-	c:\users\smenz\AppData\Local\Microsoft\SkyDrive\17.0.4041.0512\SkyDriveShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"FileHippo.com"="c:\program files (x86)\FileHippo.com\UpdateChecker.exe" [2012-11-23 307712]
"SandboxieControl"="c:\program files\Sandboxie\SbieCtrl.exe" [2014-05-29 784392]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2011-01-12 283160]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
"emsisoft anti-malware"="c:\program files (x86)\emsisoft anti-malware\a2guard.exe" [2014-07-09 4841824]
.
c:\users\smenz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
An OneNote senden.lnk - c:\program files\Microsoft Office 15\root\office15\onenotem.exe /tsr [2014-7-10 195248]
OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk - c:\program files (x86)\Microsoft Office\Office14\ONENOTEM.EXE /tsr [2013-6-25 228552]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Secunia PSI Tray.lnk - c:\program files (x86)\Secunia\PSI\psi_tray.exe [2013-12-6 565464]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableSecureUIAPath"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"midi3"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37Crusader]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37CrusaderBoot]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R1 Uim_VIM;UIM Virtual Image Plugin;c:\windows\system32\Drivers\uim_vimx64.sys;c:\windows\SYSNATIVE\Drivers\uim_vimx64.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [x]
R2 Secunia Update Agent;Secunia Update Agent;c:\program files (x86)\Secunia\PSI\sua.exe;c:\program files (x86)\Secunia\PSI\sua.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 ATHDFU;Atheros Valkyrie USB BootROM;c:\windows\system32\Drivers\AthDfu.sys;c:\windows\SYSNATIVE\Drivers\AthDfu.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 PCDSRVC{D3412D80-CF3B4A27-06020200}_0;PCDSRVC{D3412D80-CF3B4A27-06020200}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\my dell\pcdsrvc_x64.pkms;c:\program files\my dell\pcdsrvc_x64.pkms [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 RoxMediaDB12OEM;RoxMediaDB12OEM;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R4 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
S1 A2DDA;A2 Direct Disk Access Support Driver;c:\program files (x86)\Emsisoft Anti-Malware\a2ddax64.sys;c:\program files (x86)\Emsisoft Anti-Malware\a2ddax64.sys [x]
S1 a2injectiondriver;a2injectiondriver;c:\program files (x86)\Emsisoft Anti-Malware\a2dix64.sys;c:\program files (x86)\Emsisoft Anti-Malware\a2dix64.sys [x]
S1 a2util;a-squared Malware-IDS utility driver;c:\program files (x86)\Emsisoft Anti-Malware\a2util64.sys;c:\program files (x86)\Emsisoft Anti-Malware\a2util64.sys [x]
S2 a2AntiMalware;Emsisoft Anti-Malware 7.0 - Service;c:\program files (x86)\Emsisoft Anti-Malware\a2service.exe;c:\program files (x86)\Emsisoft Anti-Malware\a2service.exe [x]
S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe;c:\program files\IDT\WDM\AESTSr64.exe [x]
S2 Atheros Bt&Wlan Coex Agent;Atheros Bt&Wlan Coex Agent;c:\program files (x86)\Dell Wireless\Bluetooth Suite\Ath_CoexAgent.exe;c:\program files (x86)\Dell Wireless\Bluetooth Suite\Ath_CoexAgent.exe [x]
S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe;c:\program files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe [x]
S2 ClickToRunSvc;Microsoft Office-Klick-und-Los-Dienst;c:\program files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe;c:\program files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [x]
S2 hmpalert;HitmanPro.Alert Support Driver;c:\windows\system32\drivers\hmpalert.sys;c:\windows\SYSNATIVE\drivers\hmpalert.sys [x]
S2 hmpalertsvc;HitmanPro.Alert Service;c:\program files (x86)\HitmanPro.Alert\hmpalert.exe;c:\program files (x86)\HitmanPro.Alert\hmpalert.exe [x]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe;c:\program files (x86)\Nero\Update\NASvc.exe [x]
S2 Secunia PSI Agent;Secunia PSI Agent;c:\program files (x86)\Secunia\PSI\PSIA.exe;c:\program files (x86)\Secunia\PSI\PSIA.exe [x]
S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [x]
S2 TeamViewer9;TeamViewer 9;c:\program files (x86)\TeamViewer\Version9\TeamViewer_Service.exe;c:\program files (x86)\TeamViewer\Version9\TeamViewer_Service.exe [x]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S3 a2acc;a2acc;c:\program files (x86)\EMSISOFT ANTI-MALWARE\a2accx64.sys;c:\program files (x86)\EMSISOFT ANTI-MALWARE\a2accx64.sys [x]
S3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_flt.sys [x]
S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys;c:\windows\SYSNATIVE\drivers\btath_a2dp.sys [x]
S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys;c:\windows\SYSNATIVE\DRIVERS\btath_bus.sys [x]
S3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys;c:\windows\SYSNATIVE\DRIVERS\btath_hcrp.sys [x]
S3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_lwflt.sys [x]
S3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys;c:\windows\SYSNATIVE\DRIVERS\btath_rcp.sys [x]
S3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys;c:\windows\SYSNATIVE\DRIVERS\btfilter.sys [x]
S3 cleanhlp;cleanhlp;c:\program files (x86)\Emsisoft Anti-Malware\cleanhlp64.sys;c:\program files (x86)\Emsisoft Anti-Malware\cleanhlp64.sys [x]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys;c:\windows\SYSNATIVE\DRIVERS\CtClsFlt.sys [x]
S3 IntcDAud;Intel(R) Display-Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf_amd64.sys;c:\windows\SYSNATIVE\DRIVERS\psi_mf_amd64.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-06-12 07:43	1091912	----a-w-	c:\program files (x86)\Google\Chrome\Application\35.0.1916.153\Installer\chrmstp.exe
.
Inhalt des "geplante Tasks" Ordners
.
2014-07-17 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-06-11 19:19]
.
2014-07-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-10-19 13:42]
.
2014-07-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-10-19 13:42]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2014-05-18 20:31	262344	----a-w-	c:\users\smenz\AppData\Local\Microsoft\SkyDrive\17.0.4041.0512\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2014-05-18 20:31	262344	----a-w-	c:\users\smenz\AppData\Local\Microsoft\SkyDrive\17.0.4041.0512\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2014-05-18 20:31	262344	----a-w-	c:\users\smenz\AppData\Local\Microsoft\SkyDrive\17.0.4041.0512\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2014-06-10 10:07	2335960	----a-w-	c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\grooveex.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2014-06-10 10:07	2335960	----a-w-	c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\grooveex.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2014-06-10 10:07	2335960	----a-w-	c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\grooveex.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-03-30 167960]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-03-30 391704]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-03-30 418840]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2011-03-29 608112]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2011-05-27 1128448]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 192.168.2.1
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
SafeBoot-CleanHlp
SafeBoot-CleanHlp.sys
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
AddRemove-Amazon MP3-Downloader - c:\users\smenz\Uninstall.exe
AddRemove-WildTangentGameProvider-dell-genres - c:\program files (x86)\WildTangent\Dell Games\Game Explorer Categories - genres\Uninstall.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCDSRVC{D3412D80-CF3B4A27-06020200}_0]
"ImagePath"="\??\c:\program files\my dell\pcdsrvc_x64.pkms"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_14_0_0_145_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_14_0_0_145_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_14_0_0_145_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_14_0_0_145_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.14"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2014-07-17  17:44:43
ComboFix-quarantined-files.txt  2014-07-17 15:44
.
Vor Suchlauf: 15 Verzeichnis(se), 420.684.046.336 Bytes frei
Nach Suchlauf: 17 Verzeichnis(se), 420.371.812.352 Bytes frei
.
- - End Of File - - 0410DCCA2AA291FC911912E3D60F56FC
Gruß,
solonia


Alt 17.07.2014, 17:16   #6
schrauber
/// the machine
/// TB-Ausbilder
 
Malwarebythe hat 3 verdächtige Elemente gefunden!Gmx-account ständig mit spam trotz Filter! - Standard

Malwarebythe hat 3 verdächtige Elemente gefunden!Gmx-account ständig mit spam trotz Filter!


Downloade Dir bitte Malwarebytes Anti-Malware
  • Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
  • Starte Malwarebytes' Anti-Malware (MBAM).
  • Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
  • Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
  • Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
  • Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
  • Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
  • Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.


Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.


und ein frisches FRST log bitte.
__________________
--> Malwarebythe hat 3 verdächtige Elemente gefunden!Gmx-account ständig mit spam trotz Filter!

Alt 18.07.2014, 14:30   #7
solonia
 
Malwarebythe hat 3 verdächtige Elemente gefunden!Gmx-account ständig mit spam trotz Filter! - Standard

Malwarebythe hat 3 verdächtige Elemente gefunden!Gmx-account ständig mit spam trotz Filter!


Lieber Schrauber,

1) Malwarebythe

Da ich diese Software schon seit Juni drauf habe, habe ich einfach nur die Datenbankversion aktualisieren lassen.

Der Scan war ohne Ergebnisse:

a. hier das File von heute Abend:

Code:
ATTFilter
 Malwarebytes Anti-Malware 
www.malwarebytes.org

Suchlauf Datum: 17.07.2014
Suchlauf-Zeit: 21:35:07
Logdatei: mbam 16.7.2014.txt
Administrator: Ja

Version: 2.00.2.1012
Malware Datenbank: v2014.07.17.10
Rootkit Datenbank: v2014.07.14.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Self-protection: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: smenz

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 334972
Verstrichene Zeit: 12 Min, 39 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Aktiviert
Heuristics: Aktiviert
PUP: Warnen
PUM: Aktiviert

Prozesse: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registrierungsschlüssel: 0
(No malicious items detected)

Registrierungswerte: 0
(No malicious items detected)

Registrierungsdaten: 0
(No malicious items detected)

Ordner: 0
(No malicious items detected)

Dateien: 0
(No malicious items detected)

Physische Sektoren: 0
(No malicious items detected)


(end)
b. das File von gestern von den drei Funden, dessen Logfile ich hier als erstes gepostet habe, das alles liegt in Quarantäne! Löschen?

2.)

AdwareCleaner

Beim Starten des Suchlaufes kam die Meldung, die Version wäre veraltet, es gäbe eine neuere Version. Aber unter filepony bin ich nicht fündig geworden. Und beim ok-drücken auf neuere Version ging ein Internet Explorer Fenster auf mit einer Download Seite. Das war mir nicht koscher und habe es abgebrochen.

Der File, den ich jetzt poste, ist die Version, wohin mich Eurer Link geführt hat.

AdwCleaner Logfile:
Code:
ATTFilter
# AdwCleaner v3.215 - Bericht erstellt am 17/07/2014 um 22:02:59
# Aktualisiert 09/07/2014 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzername : smenz - NOTEBOOK-N5050
# Gestartet von : C:\Users\smenz\Desktop\adwcleaner_3.215.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\Users\smenz\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkjoindjjcmbdpbfppabdgflnkgbbcli
Ordner Gelöscht : C:\Users\Solonia\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkjoindjjcmbdpbfppabdgflnkgbbcli

***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****


***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.17207


-\\ Mozilla Firefox v

-\\ Google Chrome v36.0.1985.125

[ Datei : C:\Users\smenz\AppData\Local\Google\Chrome\User Data\Default\preferences ]


[ Datei : C:\Users\Solonia\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [1177 octets] - [17/07/2014 22:00:33]
AdwCleaner[S0].txt - [1098 octets] - [17/07/2014 22:02:59]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1158 octets] ##########
--- --- ---
[/CODE]



3.) JRT


File

Code:
ATTFilter
   ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Home Premium x64
Ran by smenz on 17.07.2014 at 22:11:17,19
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 17.07.2014 at 23:01:19,54
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
4.) frische Logfiles FRST:

a.)

Code:
ATTFilter
   
FRST Logfile:

FRST Logfile:


	
Code: 

 
ATTFilter


  

	
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 15-07-2014 01
Ran by smenz (administrator) on NOTEBOOK-N5050 on 17-07-2014 23:37:34
Running from C:\Users\smenz\Desktop\Downloads
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(SurfRight B.V.) C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieSvc.exe
(Emsisoft GmbH) C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe
(Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AESTSr64.exe
(Atheros) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\Ath_CoexAgent.exe
(Atheros Commnucations) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AdminService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\psia.exe
(SoftThinks SAS) C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
() C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler64.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieCtrl.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Emsisoft GmbH) C:\Program Files (x86)\Emsisoft Anti-Malware\a2guard.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\onenotem.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApntEx.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\hidfind.exe
(Panda Security) C:\Program Files (x86)\Panda USB Vaccine\USBVaccine.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\sua.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [608112 2011-03-29] (Alps Electric Co., Ltd.)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1128448 2011-05-27] (IDT, Inc.)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [283160 2011-01-13] (Intel Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [emsisoft anti-malware] => c:\program files (x86)\emsisoft anti-malware\a2guard.exe [4841824 2014-07-09] (Emsisoft GmbH)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2732600908-1742709287-786376233-1000\...\Run: [FileHippo.com] => C:\Program Files (x86)\FileHippo.com\UpdateChecker.exe [307712 2012-11-23] (FileHippo.com)
HKU\S-1-5-21-2732600908-1742709287-786376233-1000\...\Run: [SandboxieControl] => C:\Program Files\Sandboxie\SbieCtrl.exe [784392 2014-05-29] (Sandboxie Holdings, LLC)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
ShortcutTarget: Secunia PSI Tray.lnk -> C:\Program Files (x86)\Secunia\PSI\psi_tray.exe (Secunia)
Startup: C:\Users\smenz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\An OneNote senden.lnk
ShortcutTarget: An OneNote senden.lnk -> C:\Program Files\Microsoft Office 15\root\office15\onenotem.exe (Microsoft Corporation)
Startup: C:\Users\smenz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk
ShortcutTarget: OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
ShellIconOverlayIdentifiers:  SkyDrive1 -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers:  SkyDrive2 -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers:  SkyDrive3 -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
ShellIconOverlayIdentifiers:  SkyDrivePro1 (ErrorConflict) -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers:  SkyDrivePro2 (SyncInProgress) -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers:  SkyDrivePro3 (InSync) -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32:  SkyDrive1 -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers-x32:  SkyDrive2 -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers-x32:  SkyDrive3 -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKLM-x32 - DefaultScope value is missing.
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre8\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre8\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation)
DPF: HKLM-x32 {6C269571-C6D7-4818-BCA4-32A035E8C884} hxxp://ccfiles.creative.com/Web/softwareupdate/su/ocx/15102/CTSUEng.cab
DPF: HKLM-x32 {D4B68B83-8710-488B-A692-D74B50BA558E} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
DPF: HKLM-x32 {F6ACF75C-C32C-447B-9BEF-46B766368D29} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/121022/CTPID.cab
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll No File
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll No File
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer - C:\windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()
FF Plugin: @java.com/DTPlugin,version=11.11.2 - C:\Program Files\Java\jre8\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.11.2 - C:\Program Files\Java\jre8\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nokia.com/EnablerPlugin - C:\Program Files (x86)\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll ( )
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: amazon.com/AmazonMP3DownloaderPlugin - C:\Users\smenz\npAmazonMP3DownloaderPlugin101753.dll (Amazon.com, Inc.)

Chrome: 
=======
CHR HomePage: 
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll No File
CHR Plugin: (Windows Live™ Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (AmazonMP3DownloaderPlugin) - C:\Users\smenz\npAmazonMP3DownloaderPlugin101753.dll (Amazon.com, Inc.)
CHR Plugin: (McAfee SecurityCenter) - c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll No File
CHR Extension: (HTTPS Everywhere) - C:\Users\smenz\AppData\Local\Google\Chrome\User Data\Default\Extensions\gcbommkclmclpchllfjekcdonpmejbdp [2013-06-12]
CHR Extension: (AdBlock) - C:\Users\smenz\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2013-06-12]
CHR Extension: (Ghostery) - C:\Users\smenz\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij [2013-06-12]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Services (Whitelisted) =================

R2 a2AntiMalware; C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe [4741384 2014-07-09] (Emsisoft GmbH)
R2 Atheros Bt&Wlan Coex Agent; C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\Ath_CoexAgent.exe [146592 2011-05-20] (Atheros) [File not signed]
R2 AtherosSvc; C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe [80032 2011-05-20] (Atheros Commnucations) [File not signed]
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2356408 2014-06-19] (Microsoft Corporation)
R2 hmpalertsvc; C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe [1889616 2014-07-03] (SurfRight B.V.)
R2 SbieSvc; C:\Program Files\Sandboxie\SbieSvc.exe [174088 2014-05-29] (Sandboxie Holdings, LLC)
R2 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1229528 2013-12-06] (Secunia)
R2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [662232 2013-12-06] (Secunia)
S4 McMPFSvc; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [X]

==================== Drivers (Whitelisted) ====================

R3 a2acc; C:\PROGRAM FILES (X86)\EMSISOFT ANTI-MALWARE\a2accx64.sys [71472 2014-05-12] (Emsisoft GmbH)
R1 A2DDA; C:\Program Files (x86)\Emsisoft Anti-Malware\a2ddax64.sys [26176 2013-03-28] (Emsisoft GmbH)
R1 a2injectiondriver; C:\Program Files (x86)\Emsisoft Anti-Malware\a2dix64.sys [45208 2013-09-30] (Emsisoft GmbH)
R1 a2util; C:\Program Files (x86)\Emsisoft Anti-Malware\a2util64.sys [23088 2014-05-12] (Emsisoft GmbH)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R3 cleanhlp; C:\Program Files (x86)\Emsisoft Anti-Malware\cleanhlp64.sys [57024 2013-12-04] (Emsisoft GmbH)
R2 hmpalert; C:\Windows\System32\drivers\hmpalert.sys [93144 2014-07-03] ()
S3 MBAMSwissArmy; C:\windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-07-17] (Malwarebytes Corporation)
R3 PSI; C:\Windows\System32\DRIVERS\psi_mf_amd64.sys [18456 2013-12-06] (Secunia)
R3 SbieDrv; C:\Program Files\Sandboxie\SbieDrv.sys [185352 2014-05-29] (Sandboxie Holdings, LLC)
S3 Serial; C:\Windows\system32\drivers\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)
S1 UimBus; C:\Windows\System32\DRIVERS\uimx64.sys [90960 2013-03-15] (Windows (R) 2000 DDK provider)
S1 Uim_IM; C:\Windows\System32\Drivers\Uim_IMx64.sys [633680 2013-03-15] (Paragon)
S1 Uim_VIM; C:\Windows\System32\Drivers\uim_vimx64.sys [390352 2013-03-15] (Paragon)
S3 PCDSRVC{D3412D80-CF3B4A27-06020200}_0; \??\c:\program files\my dell\pcdsrvc_x64.pkms [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-07-17 23:01 - 2014-07-17 23:01 - 00000625 _____ () C:\Users\smenz\Desktop\JRT.txt
2014-07-17 22:00 - 2014-07-17 22:03 - 00000000 ____D () C:\AdwCleaner
2014-07-17 21:59 - 2014-07-17 21:59 - 01348263 _____ () C:\Users\smenz\Desktop\adwcleaner_3.215.exe
2014-07-17 17:44 - 2014-07-17 17:44 - 00025355 _____ () C:\ComboFix.txt
2014-07-17 17:27 - 2011-06-26 08:45 - 00256000 _____ () C:\windows\PEV.exe
2014-07-17 17:27 - 2010-11-07 19:20 - 00208896 _____ () C:\windows\MBR.exe
2014-07-17 17:27 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\windows\NIRCMD.exe
2014-07-17 17:27 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\windows\SWREG.exe
2014-07-17 17:27 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\windows\SWSC.exe
2014-07-17 17:27 - 2000-08-31 02:00 - 00098816 _____ () C:\windows\sed.exe
2014-07-17 17:27 - 2000-08-31 02:00 - 00080412 _____ () C:\windows\grep.exe
2014-07-17 17:27 - 2000-08-31 02:00 - 00068096 _____ () C:\windows\zip.exe
2014-07-17 17:25 - 2014-07-17 17:45 - 00000000 ____D () C:\Qoobox
2014-07-17 13:05 - 2014-07-17 22:04 - 00001102 _____ () C:\windows\PFRO.log
2014-07-16 19:56 - 2014-07-17 23:37 - 00000000 ____D () C:\FRST
2014-07-16 18:32 - 2014-07-16 18:31 - 00321448 _____ (Oracle Corporation) C:\windows\system32\javaws.exe
2014-07-15 09:09 - 2014-07-17 22:04 - 00000448 _____ () C:\windows\setupact.log
2014-07-15 09:09 - 2014-07-15 09:09 - 00000000 _____ () C:\windows\setuperr.log
2014-07-09 11:14 - 2014-06-30 04:09 - 00519168 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll
2014-07-09 11:14 - 2014-06-30 04:04 - 00424448 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2014-07-09 11:14 - 2014-06-18 04:18 - 00692736 _____ (Microsoft Corporation) C:\windows\system32\osk.exe
2014-07-09 11:14 - 2014-06-18 03:51 - 00646144 _____ (Microsoft Corporation) C:\windows\SysWOW64\osk.exe
2014-07-09 11:14 - 2014-06-18 03:10 - 03157504 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2014-07-09 11:14 - 2014-06-06 12:10 - 00624128 _____ (Microsoft Corporation) C:\windows\system32\qedit.dll
2014-07-09 11:14 - 2014-06-06 11:44 - 00509440 _____ (Microsoft Corporation) C:\windows\SysWOW64\qedit.dll
2014-07-09 11:14 - 2014-05-30 08:45 - 00497152 _____ (Microsoft Corporation) C:\windows\system32\Drivers\afd.sys
2014-07-09 11:13 - 2014-06-20 22:14 - 00266424 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2014-07-09 11:13 - 2014-06-20 21:39 - 00240824 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2014-07-09 11:13 - 2014-06-19 03:39 - 23464448 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-07-09 11:13 - 2014-06-19 03:06 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-07-09 11:13 - 2014-06-19 03:06 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2014-07-09 11:13 - 2014-06-19 02:48 - 02768384 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-07-09 11:13 - 2014-06-19 02:42 - 00548352 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2014-07-09 11:13 - 2014-06-19 02:42 - 00066048 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2014-07-09 11:13 - 2014-06-19 02:41 - 00083968 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2014-07-09 11:13 - 2014-06-19 02:41 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2014-07-09 11:13 - 2014-06-19 02:32 - 00051200 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2014-07-09 11:13 - 2014-06-19 02:31 - 00033792 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2014-07-09 11:13 - 2014-06-19 02:26 - 00598016 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2014-07-09 11:13 - 2014-06-19 02:24 - 00139264 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2014-07-09 11:13 - 2014-06-19 02:24 - 00111616 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2014-07-09 11:13 - 2014-06-19 02:23 - 00752640 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2014-07-09 11:13 - 2014-06-19 02:16 - 17276416 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2014-07-09 11:13 - 2014-06-19 02:14 - 00940032 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2014-07-09 11:13 - 2014-06-19 02:09 - 00452608 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2014-07-09 11:13 - 2014-06-19 01:59 - 00038400 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2014-07-09 11:13 - 2014-06-19 01:56 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2014-07-09 11:13 - 2014-06-19 01:53 - 00195584 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2014-07-09 11:13 - 2014-06-19 01:51 - 05721088 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2014-07-09 11:13 - 2014-06-19 01:50 - 00085504 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2014-07-09 11:13 - 2014-06-19 01:48 - 00292864 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2014-07-09 11:13 - 2014-06-19 01:39 - 00608768 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2014-07-09 11:13 - 2014-06-19 01:38 - 00455168 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2014-07-09 11:13 - 2014-06-19 01:37 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2014-07-09 11:13 - 2014-06-19 01:36 - 00051200 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2014-07-09 11:13 - 2014-06-19 01:35 - 00062464 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll
2014-07-09 11:13 - 2014-06-19 01:33 - 00631808 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-07-09 11:13 - 2014-06-19 01:32 - 02179072 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2014-07-09 11:13 - 2014-06-19 01:28 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2014-07-09 11:13 - 2014-06-19 01:28 - 00032768 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2014-07-09 11:13 - 2014-06-19 01:27 - 02040832 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2014-07-09 11:13 - 2014-06-19 01:27 - 01249280 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2014-07-09 11:13 - 2014-06-19 01:25 - 00442368 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2014-07-09 11:13 - 2014-06-19 01:23 - 00112128 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2014-07-09 11:13 - 2014-06-19 01:22 - 00592896 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2014-07-09 11:13 - 2014-06-19 01:12 - 00367616 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2014-07-09 11:13 - 2014-06-19 01:06 - 00032256 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-07-09 11:13 - 2014-06-19 01:01 - 00164864 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2014-07-09 11:13 - 2014-06-19 00:59 - 00069632 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2014-07-09 11:13 - 2014-06-19 00:58 - 02266112 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-07-09 11:13 - 2014-06-19 00:58 - 00239616 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2014-07-09 11:13 - 2014-06-19 00:52 - 04254720 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2014-07-09 11:13 - 2014-06-19 00:51 - 13527040 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-07-09 11:13 - 2014-06-19 00:49 - 00526336 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2014-07-09 11:13 - 2014-06-19 00:46 - 01068032 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll
2014-07-09 11:13 - 2014-06-19 00:45 - 01964544 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2014-07-09 11:13 - 2014-06-19 00:35 - 11742208 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2014-07-09 11:13 - 2014-06-19 00:34 - 01393664 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2014-07-09 11:13 - 2014-06-19 00:15 - 00846336 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2014-07-09 11:13 - 2014-06-19 00:13 - 01791488 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2014-07-09 11:13 - 2014-06-19 00:09 - 01139200 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2014-07-09 11:13 - 2014-06-19 00:07 - 00704512 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2014-07-09 11:13 - 2014-05-30 10:08 - 00728064 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll
2014-07-09 11:13 - 2014-05-30 10:08 - 00340992 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll
2014-07-09 11:13 - 2014-05-30 10:08 - 00314880 _____ (Microsoft Corporation) C:\windows\system32\msv1_0.dll
2014-07-09 11:13 - 2014-05-30 10:08 - 00307200 _____ (Microsoft Corporation) C:\windows\system32\ncrypt.dll
2014-07-09 11:13 - 2014-05-30 10:08 - 00210944 _____ (Microsoft Corporation) C:\windows\system32\wdigest.dll
2014-07-09 11:13 - 2014-05-30 10:08 - 00086528 _____ (Microsoft Corporation) C:\windows\system32\TSpkg.dll
2014-07-09 11:13 - 2014-05-30 10:08 - 00022016 _____ (Microsoft Corporation) C:\windows\system32\credssp.dll
2014-07-09 11:13 - 2014-05-30 09:52 - 00550912 _____ (Microsoft Corporation) C:\windows\SysWOW64\kerberos.dll
2014-07-09 11:13 - 2014-05-30 09:52 - 00259584 _____ (Microsoft Corporation) C:\windows\SysWOW64\msv1_0.dll
2014-07-09 11:13 - 2014-05-30 09:52 - 00247808 _____ (Microsoft Corporation) C:\windows\SysWOW64\schannel.dll
2014-07-09 11:13 - 2014-05-30 09:52 - 00220160 _____ (Microsoft Corporation) C:\windows\SysWOW64\ncrypt.dll
2014-07-09 11:13 - 2014-05-30 09:52 - 00172032 _____ (Microsoft Corporation) C:\windows\SysWOW64\wdigest.dll
2014-07-09 11:13 - 2014-05-30 09:52 - 00065536 _____ (Microsoft Corporation) C:\windows\SysWOW64\TSpkg.dll
2014-07-09 11:13 - 2014-05-30 09:52 - 00017408 _____ (Microsoft Corporation) C:\windows\SysWOW64\credssp.dll
2014-07-09 11:12 - 2014-06-05 16:45 - 01460736 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
2014-07-09 11:12 - 2014-06-05 16:26 - 00022016 _____ (Microsoft Corporation) C:\windows\SysWOW64\secur32.dll
2014-07-09 11:12 - 2014-06-05 16:25 - 00096768 _____ (Microsoft Corporation) C:\windows\SysWOW64\sspicli.dll
2014-07-03 15:37 - 2014-07-17 22:07 - 00000000 ____D () C:\windows\CryptoGuard
2014-07-03 15:37 - 2014-07-03 15:37 - 00548424 _____ (SurfRight) C:\windows\system32\hmpalert.dll
2014-07-03 15:37 - 2014-07-03 15:37 - 00477008 _____ (SurfRight) C:\windows\SysWOW64\hmpalert.dll
2014-07-03 15:37 - 2014-07-03 15:37 - 00093144 _____ () C:\windows\system32\Drivers\hmpalert.sys
2014-07-03 15:37 - 2014-07-03 15:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro.Alert
2014-07-03 15:37 - 2014-07-03 15:37 - 00000000 ____D () C:\ProgramData\HitmanPro.Alert
2014-07-03 15:37 - 2014-07-03 15:37 - 00000000 ____D () C:\Program Files (x86)\HitmanPro.Alert
2014-06-21 21:16 - 2014-07-17 18:01 - 00000000 ____D () C:\Program Files (x86)\SpywareBlaster
2014-06-21 21:16 - 2014-06-21 21:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpywareBlaster
2014-06-21 21:16 - 2014-06-21 21:16 - 00000000 ____D () C:\ProgramData\Licenses
2014-06-21 21:16 - 2009-03-24 12:52 - 00129872 _____ (Microsoft Corporation) C:\windows\SysWOW64\MSSTDFMT.DLL
2014-06-21 16:49 - 2014-06-21 16:50 - 00001691 _____ () C:\DelFix.txt
2014-06-20 16:03 - 2014-06-20 16:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPatrol
2014-06-20 16:03 - 2014-06-20 16:03 - 00000000 ____D () C:\ProgramData\InstallMate
2014-06-20 16:03 - 2014-06-20 16:03 - 00000000 ____D () C:\Program Files (x86)\BillP Studios
2014-06-20 15:56 - 2014-06-20 15:56 - 00000000 ____D () C:\Users\smenz\AppData\Roaming\WinPatrol
2014-06-20 15:14 - 2014-01-09 04:22 - 05694464 _____ (Microsoft Corporation) C:\windows\SysWOW64\mstscax.dll
2014-06-20 15:14 - 2014-01-04 00:44 - 06574592 _____ (Microsoft Corporation) C:\windows\system32\mstscax.dll
2014-06-20 15:03 - 2013-10-02 04:22 - 00056832 _____ (Microsoft Corporation) C:\windows\system32\Drivers\TsUsbFlt.sys
2014-06-20 15:03 - 2013-10-02 04:11 - 00013824 _____ (Microsoft Corporation) C:\windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2014-06-20 15:03 - 2013-10-02 04:08 - 00012800 _____ (Microsoft Corporation) C:\windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2014-06-20 15:03 - 2013-10-02 03:48 - 00056832 _____ (Microsoft Corporation) C:\windows\system32\MsRdpWebAccess.dll
2014-06-20 15:03 - 2013-10-02 03:48 - 00018944 _____ (Microsoft Corporation) C:\windows\system32\wksprtPS.dll
2014-06-20 15:03 - 2013-10-02 03:29 - 00062976 _____ (Microsoft Corporation) C:\windows\system32\tsgqec.dll
2014-06-20 15:03 - 2013-10-02 03:10 - 00044544 _____ (Microsoft Corporation) C:\windows\system32\TsUsbGDCoInstaller.dll
2014-06-20 15:03 - 2013-10-02 02:15 - 01057280 _____ (Microsoft Corporation) C:\windows\system32\rdvidcrl.dll
2014-06-20 15:03 - 2013-10-02 02:14 - 00050176 _____ (Microsoft Corporation) C:\windows\SysWOW64\MsRdpWebAccess.dll
2014-06-20 15:03 - 2013-10-02 02:14 - 00017920 _____ (Microsoft Corporation) C:\windows\SysWOW64\wksprtPS.dll
2014-06-20 15:03 - 2013-10-02 02:08 - 00083968 _____ (Microsoft Corporation) C:\windows\system32\TSWbPrxy.exe
2014-06-20 15:03 - 2013-10-02 02:01 - 00420864 _____ (Microsoft Corporation) C:\windows\system32\wksprt.exe
2014-06-20 15:03 - 2013-10-02 01:58 - 00053248 _____ (Microsoft Corporation) C:\windows\SysWOW64\tsgqec.dll
2014-06-20 15:03 - 2013-10-02 01:31 - 01147392 _____ (Microsoft Corporation) C:\windows\system32\mstsc.exe
2014-06-20 15:03 - 2013-10-02 01:08 - 00855552 _____ (Microsoft Corporation) C:\windows\SysWOW64\rdvidcrl.dll
2014-06-20 15:03 - 2013-10-02 00:34 - 01068544 _____ (Microsoft Corporation) C:\windows\SysWOW64\mstsc.exe
2014-06-20 15:01 - 2013-09-25 04:23 - 01030144 _____ (Microsoft Corporation) C:\windows\system32\TSWorkspace.dll
2014-06-20 15:01 - 2013-09-25 03:57 - 00792576 _____ (Microsoft Corporation) C:\windows\SysWOW64\TSWorkspace.dll
2014-06-20 14:55 - 2014-07-16 18:31 - 00191400 _____ (Oracle Corporation) C:\windows\system32\javaw.exe
2014-06-20 14:55 - 2014-07-16 18:31 - 00190888 _____ (Oracle Corporation) C:\windows\system32\java.exe
2014-06-20 14:55 - 2014-07-16 18:31 - 00111016 _____ (Oracle Corporation) C:\windows\system32\WindowsAccessBridge-64.dll
2014-06-20 14:48 - 2014-06-20 14:48 - 00001071 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Secunia PSI.lnk
2014-06-19 11:53 - 2014-06-19 11:53 - 00000000 ____D () C:\ProgramData\Emsisoft
2014-06-17 15:16 - 2014-06-21 16:49 - 00000000 ____D () C:\windows\ERUNT
2014-06-17 15:04 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\windows\SysWOW64\sqlite3.dll

==================== One Month Modified Files and Folders =======

2014-07-17 23:37 - 2014-07-16 19:56 - 00000000 ____D () C:\FRST
2014-07-17 23:23 - 2013-06-12 23:38 - 00000000 ____D () C:\Program Files (x86)\Emsisoft Anti-Malware
2014-07-17 23:19 - 2014-02-21 20:01 - 00000884 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2014-07-17 23:01 - 2014-07-17 23:01 - 00000625 _____ () C:\Users\smenz\Desktop\JRT.txt
2014-07-17 22:48 - 2012-10-19 15:42 - 00001108 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-07-17 22:13 - 2009-07-14 06:45 - 00020720 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-07-17 22:13 - 2009-07-14 06:45 - 00020720 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-07-17 22:10 - 2012-07-04 16:56 - 00000000 ____D () C:\ProgramData\Temp
2014-07-17 22:07 - 2014-07-03 15:37 - 00000000 ____D () C:\windows\CryptoGuard
2014-07-17 22:06 - 2012-10-19 15:42 - 00001104 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-07-17 22:06 - 2012-07-04 17:32 - 00000000 ____D () C:\Users\Default\AppData\Local\SoftThinks
2014-07-17 22:06 - 2012-07-04 17:32 - 00000000 ____D () C:\Users\Default User\AppData\Local\SoftThinks
2014-07-17 22:05 - 2012-07-04 16:43 - 01272369 _____ () C:\windows\WindowsUpdate.log
2014-07-17 22:04 - 2014-07-17 13:05 - 00001102 _____ () C:\windows\PFRO.log
2014-07-17 22:04 - 2014-07-15 09:09 - 00000448 _____ () C:\windows\setupact.log
2014-07-17 22:04 - 2012-07-04 17:21 - 00000000 ____D () C:\Program Files (x86)\Dell DataSafe Local Backup
2014-07-17 22:04 - 2009-07-14 07:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-07-17 22:03 - 2014-07-17 22:00 - 00000000 ____D () C:\AdwCleaner
2014-07-17 21:59 - 2014-07-17 21:59 - 01348263 _____ () C:\Users\smenz\Desktop\adwcleaner_3.215.exe
2014-07-17 21:31 - 2014-06-11 15:29 - 00122584 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2014-07-17 18:01 - 2014-06-21 21:16 - 00000000 ____D () C:\Program Files (x86)\SpywareBlaster
2014-07-17 17:45 - 2014-07-17 17:25 - 00000000 ____D () C:\Qoobox
2014-07-17 17:44 - 2014-07-17 17:44 - 00025355 _____ () C:\ComboFix.txt
2014-07-17 17:39 - 2009-07-14 04:34 - 00000215 _____ () C:\windows\system.ini
2014-07-17 15:55 - 2012-07-04 19:31 - 00699666 _____ () C:\windows\system32\perfh007.dat
2014-07-17 15:55 - 2012-07-04 19:31 - 00149774 _____ () C:\windows\system32\perfc007.dat
2014-07-17 15:55 - 2009-07-14 07:13 - 01620612 _____ () C:\windows\system32\PerfStringBackup.INI
2014-07-16 21:42 - 2013-06-13 16:03 - 00000000 ____D () C:\Users\smenz\AppData\Roaming\Skype
2014-07-16 18:51 - 2009-07-14 05:20 - 00000000 ____D () C:\windows\Speech
2014-07-16 18:31 - 2014-07-16 18:32 - 00321448 _____ (Oracle Corporation) C:\windows\system32\javaws.exe
2014-07-16 18:31 - 2014-06-20 14:55 - 00191400 _____ (Oracle Corporation) C:\windows\system32\javaw.exe
2014-07-16 18:31 - 2014-06-20 14:55 - 00190888 _____ (Oracle Corporation) C:\windows\system32\java.exe
2014-07-16 18:31 - 2014-06-20 14:55 - 00111016 _____ (Oracle Corporation) C:\windows\system32\WindowsAccessBridge-64.dll
2014-07-16 18:31 - 2014-01-24 11:42 - 00000000 ____D () C:\Program Files\Java
2014-07-15 20:41 - 2012-10-20 20:53 - 00000000 ____D () C:\Users\smenz\Documents\My Kindle Content
2014-07-15 09:09 - 2014-07-15 09:09 - 00000000 _____ () C:\windows\setuperr.log
2014-07-14 09:50 - 2013-06-13 17:13 - 00004588 _____ () C:\windows\Sandboxie.ini
2014-07-13 17:07 - 2014-04-06 19:24 - 00077414 _____ () C:\Users\smenz\Desktop\Übersicht Prozessarbeit 2.xlsx
2014-07-12 18:50 - 2012-12-06 20:05 - 00000000 ____D () C:\Users\smenz\Documents\Booksmarks
2014-07-12 18:40 - 2012-11-29 22:16 - 00000000 ____D () C:\Users\smenz\Documents\ELLA
2014-07-12 18:25 - 2012-10-19 17:43 - 00000000 ____D () C:\Users\smenz\Documents\OneNote-Notizbücher
2014-07-12 12:45 - 2013-05-23 14:08 - 00000000 ____D () C:\Program Files\My Dell
2014-07-12 10:05 - 2013-05-23 14:09 - 00003440 _____ () C:\windows\System32\Tasks\PCDEventLauncherTask
2014-07-10 16:20 - 2012-10-19 18:36 - 00000000 ____D () C:\Users\smenz\AppData\Local\Microsoft Games
2014-07-10 13:32 - 2012-07-04 17:15 - 00000000 ____D () C:\ProgramData\Skype
2014-07-10 13:08 - 2014-05-19 00:35 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2014-07-09 17:00 - 2009-07-14 05:20 - 00000000 ____D () C:\windows\rescache
2014-07-09 15:25 - 2009-07-14 06:45 - 00492792 _____ () C:\windows\system32\FNTCACHE.DAT
2014-07-09 15:23 - 2014-05-07 02:27 - 00000000 ___SD () C:\windows\system32\CompatTel
2014-07-09 15:23 - 2012-07-04 19:34 - 00000000 ____D () C:\Program Files\Windows Journal
2014-07-09 15:23 - 2009-07-14 05:20 - 00000000 ____D () C:\windows\SysWOW64\Dism
2014-07-09 15:23 - 2009-07-14 05:20 - 00000000 ____D () C:\windows\system32\Dism
2014-07-09 15:12 - 2012-10-19 17:33 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-07-09 15:10 - 2013-08-15 21:53 - 00000000 ____D () C:\windows\system32\MRT
2014-07-09 15:04 - 2012-10-24 13:56 - 96441528 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2014-07-08 21:19 - 2014-02-21 20:01 - 00003822 _____ () C:\windows\System32\Tasks\Adobe Flash Player Updater
2014-07-08 21:19 - 2013-06-11 14:08 - 00699056 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2014-07-08 21:19 - 2013-06-11 14:08 - 00071344 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-07-05 00:10 - 2012-10-19 17:47 - 00000000 ____D () C:\Users\smenz\AppData\Local\CrashDumps
2014-07-04 09:42 - 2013-12-28 21:30 - 00469383 _____ () C:\Users\smenz\Desktop\Budget 2014.xlsx
2014-07-03 15:37 - 2014-07-03 15:37 - 00548424 _____ (SurfRight) C:\windows\system32\hmpalert.dll
2014-07-03 15:37 - 2014-07-03 15:37 - 00477008 _____ (SurfRight) C:\windows\SysWOW64\hmpalert.dll
2014-07-03 15:37 - 2014-07-03 15:37 - 00093144 _____ () C:\windows\system32\Drivers\hmpalert.sys
2014-07-03 15:37 - 2014-07-03 15:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro.Alert
2014-07-03 15:37 - 2014-07-03 15:37 - 00000000 ____D () C:\ProgramData\HitmanPro.Alert
2014-07-03 15:37 - 2014-07-03 15:37 - 00000000 ____D () C:\Program Files (x86)\HitmanPro.Alert
2014-07-03 00:08 - 2014-05-31 19:53 - 00001104 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 9.lnk
2014-07-01 18:58 - 2012-10-19 13:19 - 00000000 ___RD () C:\Users\smenz\Eigene Bilder
2014-06-30 04:09 - 2014-07-09 11:14 - 00519168 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll
2014-06-30 04:04 - 2014-07-09 11:14 - 00424448 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2014-06-29 13:04 - 2013-07-02 18:12 - 00023731 _____ () C:\Users\smenz\Desktop\Books Releases.xlsx
2014-06-26 14:51 - 2013-06-17 16:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-06-26 14:51 - 2013-06-17 16:48 - 00000000 ____D () C:\Program Files\CCleaner
2014-06-25 18:43 - 2012-10-19 15:42 - 00004104 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-06-25 18:43 - 2012-10-19 15:42 - 00003852 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-06-24 11:24 - 2012-07-04 19:34 - 00000000 ___RD () C:\Users\Public\Recorded TV
2014-06-22 20:06 - 2013-05-08 13:43 - 00000000 ____D () C:\Users\smenz\AppData\Local\Windows Live
2014-06-21 21:16 - 2014-06-21 21:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpywareBlaster
2014-06-21 21:16 - 2014-06-21 21:16 - 00000000 ____D () C:\ProgramData\Licenses
2014-06-21 16:50 - 2014-06-21 16:49 - 00001691 _____ () C:\DelFix.txt
2014-06-21 16:49 - 2014-06-17 15:16 - 00000000 ____D () C:\windows\ERUNT
2014-06-21 15:28 - 2012-07-04 16:57 - 00000000 ____D () C:\Program Files (x86)\Dell
2014-06-21 15:28 - 2012-07-04 16:52 - 00000000 ____D () C:\ProgramData\Dell
2014-06-21 15:19 - 2012-07-04 17:16 - 00000000 ____D () C:\ProgramData\WildTangent
2014-06-21 15:19 - 2009-07-14 07:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-06-20 22:14 - 2014-07-09 11:13 - 00266424 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2014-06-20 21:39 - 2014-07-09 11:13 - 00240824 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2014-06-20 16:03 - 2014-06-20 16:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPatrol
2014-06-20 16:03 - 2014-06-20 16:03 - 00000000 ____D () C:\ProgramData\InstallMate
2014-06-20 16:03 - 2014-06-20 16:03 - 00000000 ____D () C:\Program Files (x86)\BillP Studios
2014-06-20 15:56 - 2014-06-20 15:56 - 00000000 ____D () C:\Users\smenz\AppData\Roaming\WinPatrol
2014-06-20 15:03 - 2012-06-08 10:48 - 01594892 _____ () C:\windows\SysWOW64\PerfStringBackup.INI
2014-06-20 14:53 - 2012-10-21 22:51 - 00000000 ____D () C:\Program Files (x86)\MSXML 4.0
2014-06-20 14:48 - 2014-06-20 14:48 - 00001071 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Secunia PSI.lnk
2014-06-19 11:53 - 2014-06-19 11:53 - 00000000 ____D () C:\ProgramData\Emsisoft
2014-06-19 03:39 - 2014-07-09 11:13 - 23464448 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-06-19 03:06 - 2014-07-09 11:13 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-06-19 03:06 - 2014-07-09 11:13 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2014-06-19 02:48 - 2014-07-09 11:13 - 02768384 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-06-19 02:42 - 2014-07-09 11:13 - 00548352 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2014-06-19 02:42 - 2014-07-09 11:13 - 00066048 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2014-06-19 02:41 - 2014-07-09 11:13 - 00083968 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2014-06-19 02:41 - 2014-07-09 11:13 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2014-06-19 02:32 - 2014-07-09 11:13 - 00051200 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2014-06-19 02:31 - 2014-07-09 11:13 - 00033792 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2014-06-19 02:26 - 2014-07-09 11:13 - 00598016 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2014-06-19 02:24 - 2014-07-09 11:13 - 00139264 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2014-06-19 02:24 - 2014-07-09 11:13 - 00111616 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2014-06-19 02:23 - 2014-07-09 11:13 - 00752640 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2014-06-19 02:16 - 2014-07-09 11:13 - 17276416 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2014-06-19 02:14 - 2014-07-09 11:13 - 00940032 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2014-06-19 02:09 - 2014-07-09 11:13 - 00452608 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2014-06-19 01:59 - 2014-07-09 11:13 - 00038400 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2014-06-19 01:56 - 2014-07-09 11:13 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2014-06-19 01:53 - 2014-07-09 11:13 - 00195584 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2014-06-19 01:51 - 2014-07-09 11:13 - 05721088 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2014-06-19 01:50 - 2014-07-09 11:13 - 00085504 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2014-06-19 01:48 - 2014-07-09 11:13 - 00292864 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2014-06-19 01:39 - 2014-07-09 11:13 - 00608768 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2014-06-19 01:38 - 2014-07-09 11:13 - 00455168 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2014-06-19 01:37 - 2014-07-09 11:13 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2014-06-19 01:36 - 2014-07-09 11:13 - 00051200 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2014-06-19 01:35 - 2014-07-09 11:13 - 00062464 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll
2014-06-19 01:33 - 2014-07-09 11:13 - 00631808 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-06-19 01:32 - 2014-07-09 11:13 - 02179072 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2014-06-19 01:28 - 2014-07-09 11:13 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2014-06-19 01:28 - 2014-07-09 11:13 - 00032768 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2014-06-19 01:27 - 2014-07-09 11:13 - 02040832 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2014-06-19 01:27 - 2014-07-09 11:13 - 01249280 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2014-06-19 01:25 - 2014-07-09 11:13 - 00442368 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2014-06-19 01:23 - 2014-07-09 11:13 - 00112128 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2014-06-19 01:22 - 2014-07-09 11:13 - 00592896 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2014-06-19 01:12 - 2014-07-09 11:13 - 00367616 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2014-06-19 01:06 - 2014-07-09 11:13 - 00032256 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-06-19 01:01 - 2014-07-09 11:13 - 00164864 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2014-06-19 00:59 - 2014-07-09 11:13 - 00069632 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2014-06-19 00:58 - 2014-07-09 11:13 - 02266112 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-06-19 00:58 - 2014-07-09 11:13 - 00239616 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2014-06-19 00:52 - 2014-07-09 11:13 - 04254720 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2014-06-19 00:51 - 2014-07-09 11:13 - 13527040 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-06-19 00:49 - 2014-07-09 11:13 - 00526336 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2014-06-19 00:46 - 2014-07-09 11:13 - 01068032 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll
2014-06-19 00:45 - 2014-07-09 11:13 - 01964544 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2014-06-19 00:35 - 2014-07-09 11:13 - 11742208 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2014-06-19 00:34 - 2014-07-09 11:13 - 01393664 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2014-06-19 00:15 - 2014-07-09 11:13 - 00846336 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2014-06-19 00:13 - 2014-07-09 11:13 - 01791488 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2014-06-19 00:09 - 2014-07-09 11:13 - 01139200 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2014-06-19 00:07 - 2014-07-09 11:13 - 00704512 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2014-06-18 04:18 - 2014-07-09 11:14 - 00692736 _____ (Microsoft Corporation) C:\windows\system32\osk.exe
2014-06-18 03:51 - 2014-07-09 11:14 - 00646144 _____ (Microsoft Corporation) C:\windows\SysWOW64\osk.exe
2014-06-18 03:10 - 2014-07-09 11:14 - 03157504 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys

Files to move or delete:
====================
C:\Users\smenz\AmazonMP3Downloader.exe
C:\Users\smenz\npAmazonMP3DownloaderPlugin101753.dll


Some content of TEMP:
====================
C:\Users\smenz\AppData\Local\Temp\hmpalert_update.exe
C:\Users\smenz\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-07-08 16:06

==================== End Of Log ============================
         
 
--- --- ---

--- --- ---


b.) Addition File

Code:
ATTFilter
     Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15-07-2014 01
Ran by smenz at 2014-07-17 23:38:19
Running from C:\Users\smenz\Desktop\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Emsisoft Anti-Malware (Enabled - Up to date) {8504DEEF-CC04-1F76-2137-F1A5F4A659DA}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Emsisoft Anti-Malware (Enabled - Up to date) {3E653F0B-EA3E-10F8-1B87-CAD78F211367}

==================== Installed Programs ======================

Adobe Flash Player 14 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.07) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated)
Advanced Audio FX Engine (HKLM-x32\...\Advanced Audio FX Engine) (Version: 1.12.05 - Creative Technology Ltd)
Amazon Kindle (HKCU\...\Amazon Kindle) (Version:  - Amazon)
Amazon MP3-Downloader 1.0.17 (HKLM-x32\...\Amazon MP3-Downloader) (Version: 1.0.17 - Amazon Services LLC)
Bluetooth Win7 Suite (64) (HKLM\...\{230D1595-57DA-4933-8C4E-375797EBB7E1}) (Version: 7.2.0.83 - Atheros Communications)
CCleaner (HKLM\...\CCleaner) (Version: 4.15 - Piriform)
CrystalDiskMark 3.0.3b (HKLM\...\CrystalDiskMark_is1) (Version: 3.0.3b - Crystal Dew World)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{5C78021E-3C8E-4EDF-97EA-E9B8D808FD6D}) (Version:  - Microsoft)
Dell DataSafe Local Backup - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 9.4.67 - Dell Inc.)
Dell DataSafe Local Backup (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 9.4.67 - Dell Inc.)
Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)
Dell Getting Started Guide (HKLM-x32\...\{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}) (Version: 1.00.0000 - Dell Inc.)
Dell MusicStage (HKLM-x32\...\{3E90B7F4-1817-4405-B4A5-E4EA5EC0E2B3}) (Version: 1.6.225.0 - Fingertapps)
Dell PhotoStage (HKLM-x32\...\{E4335E82-17B3-460F-9E70-39D9BC269DB3}) (Version: 1.5.0.130 - ArcSoft)
Dell Stage (HKLM-x32\...\{E2F57269-065E-4B19-8CDA-AB6C401FAF1A}) (Version: 1.7.209.0 - Fingertapps)
Dell Stage Remote (HKLM-x32\...\{AF4D3C63-009B-4A17-B02E-D395065DD3F0}) (Version: 2.0.0.43 - ArcSoft)
Dell Touchpad (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 7.1207.101.225 - ALPS ELECTRIC CO., LTD.)
Dell Webcam Central (HKLM-x32\...\Dell Webcam Central) (Version: 2.01.17 - Creative Technology Ltd)
Dell WLAN and Bluetooth Client Installation (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 9.0 - Dell Inc.)
DirectX 9 Runtime (x32 Version: 1.00.0000 - Sonic Solutions) Hidden
Emsisoft Anti-Malware (HKLM-x32\...\{BC30E5E7-047D-4232-A7E8-F2CB7CC7B2E0}_is1) (Version: 7.0 - Emsisoft GmbH)
FileHippo.com Update Checker (HKLM-x32\...\FileHippo.com) (Version:  - )
Fotogalerie (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
FreeCommander XE (HKLM-x32\...\FreeCommander XE_is1) (Version: Preview - Marek Jasinski)
FreeMind (HKLM-x32\...\B991B020-2968-11D8-AF23-444553540000_is1) (Version: 1.0.0 - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 36.0.1985.125 - Google Inc.)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
HitmanPro.Alert (HKLM\...\HitmanPro.Alert) (Version: 2.6.5.77 - SurfRight B.V.)
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2342 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.1.2.1004 - Intel Corporation)
Java 7 Update 55 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417055FF}) (Version: 7.0.550 - Oracle)
Java 8 Update 11 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418011FF}) (Version: 8.0.110 - Oracle Corporation)
Java Auto Updater (x32 Version: 2.8.11.12 - Oracle, Inc.) Hidden
Junk Mail filter update (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office Access MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook Connector (HKLM-x32\...\{95140000-007A-0407-0000-0000000FF1CE}) (Version: 14.0.5118.5000 - Microsoft Corporation)
Microsoft Office Outlook Connector (HKLM-x32\...\{95140000-007A-0409-0000-0000000FF1CE}) (Version: 14.0.5118.5000 - Microsoft Corporation)
Microsoft Office Outlook MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Single Image 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft OneDrive (HKCU\...\OneDriveSetup.exe) (Version: 17.0.4041.0512 - Microsoft Corporation)
Microsoft OneNote 2013 - de-de (HKLM\...\OneNoteFreeRetail - de-de) (Version: 15.0.4631.1002 - Microsoft Corporation)
Microsoft Outlook Social Connector Provider for Windows Live Messenger 32-bit (HKLM-x32\...\{95140000-007D-0409-0000-0000000FF1CE}) (Version: 14.0.5120.5000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{820B6609-4C97-3A2B-B644-573B06A0F0CC}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft_VC100_CRT_SP1_x64 (Version: 10.0.40219.1 - Nokia) Hidden
Microsoft_VC100_CRT_SP1_x86 (x32 Version: 10.0.40219.1 - Nokia) Hidden
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
MSVC80_x64_v2 (Version: 1.0.3.0 - Nokia) Hidden
MSVC80_x86_v2 (x32 Version: 1.0.3.0 - Nokia) Hidden
MSVC90_x64 (Version: 1.0.1.2 - Nokia) Hidden
MSVC90_x86 (x32 Version: 1.0.1.2 - Nokia) Hidden
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden
MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
My Dell (HKLM\...\PC-Doctor for Windows) (Version: 3.5.6426.22 - PC-Doctor, Inc.)
Nero 10 Movie ThemePack Basic (x32 Version: 10.6.10000.1.0 - Nero AG) Hidden
Nero Blu-ray Player (x32 Version: 12.0.20012 - Nero AG) Hidden
Nero Control Center 10 (x32 Version: 10.6.13000.0.11 - Nero AG) Hidden
Nero ControlCenter 10 Help (CHM) (x32 Version: 10.2.10800 - Nero AG) Hidden
Nero Core Components 10 (x32 Version: 2.0.20500.9.16 - Nero AG) Hidden
Nero Update (x32 Version: 11.0.11500.28.0 - Nero AG) Hidden
Nokia Connectivity Cable Driver (HKLM-x32\...\{29373274-977E-413C-A4DE-DC0F8E80C429}) (Version: 7.1.172.0 - Nokia)
Nokia Suite (HKLM-x32\...\Nokia Suite) (Version: 3.8.48.0 - Nokia)
Nokia Suite (x32 Version: 3.8.48.0 - Nokia) Hidden
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4631.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4631.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4631.1002 - Microsoft Corporation) Hidden
Panda USB Vaccine 1.0.1.4 (HKLM-x32\...\{55A41219-9B22-4098-BAE7-AE289B3C569A}_is1) (Version:  - Panda Security)
PC Connectivity Solution (HKLM-x32\...\{6D01D1B1-17BD-4F10-BB11-F08F0C47D42B}) (Version: 12.0.109.0 - Nokia)
Photo Gallery (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
PhotoShowExpress (x32 Version: 2.0.063 - Sonic Solutions) Hidden
Quickset64 (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 10.09.25 - Dell Inc.)
RBVirtualFolder64Inst (Version: 1.00.0000 - Roxio, Inc.) Hidden
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.45.516.2011 - Realtek)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30126 - Realtek Semiconductor Corp.)
Roxio Activation Module (x32 Version: 1.0 - Roxio) Hidden
Roxio BackOnTrack (x32 Version: 1.3.3 - Roxio) Hidden
Roxio Burn (x32 Version: 1.8 - Roxio) Hidden
Roxio Creator Starter (x32 Version: 1.0.439 - Roxio) Hidden
Roxio Express Labeler 3 (x32 Version: 3.2.2 - Roxio) Hidden
Roxio File Backup (Version: 1.3.2 - Roxio) Hidden
Sandboxie 4.12 (64-bit) (HKLM\...\Sandboxie) (Version: 4.12 - Sandboxie Holdings, LLC)
Secunia PSI (3.0.0.9016) (HKLM-x32\...\Secunia PSI) (Version: 3.0.0.9016 - Secunia)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (x32 Version:  - Microsoft) Hidden
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Similarity 1.8.1 (HKLM-x32\...\{6AF7A3DF-581E-4AB7-ACAF-2051FF7E8ACF}) (Version: 1.8.1626 - GAR Software)
Skype™ 6.18 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.18.105 - Skype Technologies S.A.)
Sonic CinePlayer Decoder Pack (x32 Version: 4.3.0 - Sonic Solutions) Hidden
SpywareBlaster 5.0 (HKLM-x32\...\SpywareBlaster_is1) (Version: 5.0.0 - BrightFort LLC)
SyncUP (HKLM-x32\...\{D92C9CCE-E5F0-4125-977A-0590F3225B74}) (Version: 10.2.16500 - Nero AG)
SyncUP (x32 Version: 1.12.12400.17.102 - Nero AG) Hidden
TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.29480 - TeamViewer)
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B4A38370-2ADB-46B0-A1B0-0C4A2F7DCA31}) (Version:  - Microsoft)
Update for Microsoft Excel 2010 (KB2837600) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{4ACD847E-547D-493F-9A86-F73EAE1B5174}) (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version:  - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{4EEA3D3E-989C-4DF4-AB0A-3042C0C12AA3}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DADF7E25-FFA4-4D02-BE84-1DAE62C18516}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{287A1E92-9E41-4BC1-8920-B3D0E9220800}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{9D69691D-823D-4C3E-9B12-563A3F520366}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{35698CB7-AAA2-4577-B505-DBFF504AEF23}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{5AA578BB-759C-40FD-9661-A737C0884541}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2825635) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{F1A20C69-9FE5-40FD-9CD5-84EABC2EF64A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2837581) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{334FB202-28D7-4BA4-8BC9-4FE4AB233EA0}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2837606) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B0D672F7-883E-4279-8E75-D97A5445AB46}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2878252) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B0DB9F71-E0F7-4FE6-8925-35B860CAC0C4}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2881028) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0407-0000-0000000FF1CE}_Office14.SingleImage_{EAD7BEF9-B28C-425F-B2C5-538CB27EF013}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2881028) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{C0BDC1DE-C35E-422B-8CBD-C1D555468720}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2881028) 32-Bit Edition (HKLM-x32\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{089DBFD7-8211-43B2-AAAE-5BDD8C23E3A8}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-001A-0407-0000-0000000FF1CE}_Office14.SingleImage_{A0657506-69DC-44AE-8DC1-58E7C6F5B1C9}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{2AB483F1-C86E-427A-83B4-23889B03512D}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{90140000-0018-0407-0000-0000000FF1CE}_Office14.SingleImage_{40EC8FB1-5202-469D-9232-C28FB1C6FC64}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{2BA40F82-F3A4-441C-BF1A-ED4C42FF4872}) (Version:  - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version:  - Microsoft)
Update for Microsoft Visio 2010 (KB2880526) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{7B29D8B8-6A87-496C-A65E-B935E740448A}) (Version:  - Microsoft)
Update for Microsoft Visio Viewer 2010 (KB2837587) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{38CF30E4-3348-4BD1-A859-B630C355A56F}) (Version:  - Microsoft)
Update for Microsoft Word 2010 (KB2880529) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B9B89E01-5B6B-4F73-BC34-B2C0D8ACB4CD}) (Version:  - Microsoft)
Windows Live Communications Platform (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live Family Safety (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live Family Safety (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4311.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live Messenger (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows-Treiberpaket - Nokia pccsmcfd LegacyDriver  (05/31/2012 7.1.2.0) (HKLM\...\62BBD193ADFDBB228C7E1ADB56463F5732FF7F6F) (Version: 05/31/2012 7.1.2.0 - Nokia)
WinPatrol (HKLM\...\{84481A87-2316-4923-8FAB-3BA8CA29323D}) (Version: 31.0.2014.0 - BillP Studios)
WinRAR 5.01 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)

==================== Restore Points  =========================

21-06-2014 14:50:05 Ende der Bereinigung
21-06-2014 15:06:31 Installed Java 8 Update 5 (64-bit)
24-06-2014 10:58:53 Windows Update
01-07-2014 11:48:44 Windows Update
08-07-2014 12:44:33 Windows Update
09-07-2014 13:00:51 Windows Update
16-07-2014 16:27:34 Windows Update
16-07-2014 16:31:07 Installed Java 8 Update 11 (64-bit)

==================== Hosts content: ==========================
So, jetzt setze ich Spyware Blaster und Emsisoft wieder in Kraft!


Eine gute Nacht,

solonia

Hallo lieber Schrauber,
es ist noch ein Problem aufgetaucht beim täglichen Scannen vom Emsisoft:

Hier das Logfiles:

Code:
ATTFilter
 Emsisoft Anti-Malware - Version 9.0
Letztes Update: 17.07.2014 23:53:09
Benutzerkonto: notebook-n5050\smenz

Scan Einstellungen:

Scan Methode: Smart Scan
Objekte: Rootkits, Speicher, Traces, C:\windows\, C:\Program Files\, C:\Program Files (x86)\

PUPs-Erkennung: An
Archiv Scan: Aus
ADS Scan: An
Dateitypen-Filter: Aus
Erweitertes Caching: An
Direkter Festplattenzugriff: Aus

Scan Beginn:	18.07.2014 11:16:18
Value: HKEY_USERS\S-1-5-21-2732600908-1742709287-786376233-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLETASKMGR 	gefunden: Setting.DisableTaskMgr (A)
Value: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLEREGISTRYTOOLS 	gefunden: Setting.DisableRegistryTools (A)
Value: HKEY_USERS\S-1-5-21-2732600908-1742709287-786376233-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLEREGISTRYTOOLS 	gefunden: Setting.DisableRegistryTools (A)

Gescannt	188148
Gefunden	3

Scan Ende:	18.07.2014 12:11:02
Scan Zeit:	0:54:44
Fund 1 liess sich in Quarantäne verschieben.
Fund 2 und 3 lässt sich nicht in Quarantäne verschieben. Nur löschen! Soll ich das tun?

Gruß,
solonia

Alt 19.07.2014, 05:49   #8
schrauber
/// the machine
/// TB-Ausbilder
 
Malwarebythe hat 3 verdächtige Elemente gefunden!Gmx-account ständig mit spam trotz Filter! - Standard

Malwarebythe hat 3 verdächtige Elemente gefunden!Gmx-account ständig mit spam trotz Filter!


Ja die kannste löschen lassen



ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset


Downloade Dir bitte SecurityCheck und:

  • Speichere es auf dem Desktop.
  • Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
  • Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.
Poste den Inhalt bitte hier.

und ein frisches FRST log bitte. Noch Probleme?
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 19.07.2014, 21:04   #9
solonia
 
Malwarebythe hat 3 verdächtige Elemente gefunden!Gmx-account ständig mit spam trotz Filter! - Standard

Malwarebythe hat 3 verdächtige Elemente gefunden!Gmx-account ständig mit spam trotz Filter!


Lieber Schrauber,

hier kommen die Logs:

1) ESET

Code:
ATTFilter
  ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=c3039f4e38913e42ab4df0b0a9042086
# engine=19253
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-07-19 07:03:31
# local_time=2014-07-19 09:03:31 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 109640 157426461 0 0
# compatibility_mode_1='Emsisoft Anti-Malware'
# compatibility_mode=16641 16777213 83 100 5515 207038899 0 0
# scanned=179826
# found=2
# cleaned=0
# scan_time=4998
sh=95ADC7925C2BB20FACE637E7031972F8E208FA33 ft=0 fh=0000000000000000 vn="Variante von Win32/SweetIM.L evtl. unerwünschte Anwendung" ac=I fn="C:\Users\smenz\AppData\Local\Google\Chrome\User Data\Default\External Extensions\{EEE6C373-6118-11DC-9C72-001320C79847}\SweetFB.crx"
sh=9F9CF6762E257F68F6623E8B86E62819BB182C87 ft=0 fh=0000000000000000 vn="Variante von Win32/SweetIM.L evtl. unerwünschte Anwendung" ac=I fn="C:\Users\smenz\AppData\Local\Google\Chrome\User Data\Default\External Extensions\{EEE6C373-6118-11DC-9C72-001320C79847}\SweetNT.crx"
2) Security Check:

Code:
ATTFilter
 Results of screen317's Security Check version 0.99.85  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
Emsisoft Anti-Malware   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:````````` 
 SpywareBlaster 5.0    
 Secunia PSI (3.0.0.9016)   
 Java version out of Date! 
 Adobe Flash Player 14.0.0.145  
 Adobe Reader XI  
 Google Chrome 35.0.1916.114  
 Google Chrome 35.0.1916.153  
 Google Chrome 36.0.1985.125  
````````Process Check: objlist.exe by Laurent````````  
 Emsisoft Anti-Malware a2service.exe   
 Emsisoft Anti-Malware a2guard.exe   
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  
````````````````````End of Log``````````````````````
3) FRST


FRST Logfile:

FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 19-07-2014
Ran by smenz (administrator) on NOTEBOOK-N5050 on 19-07-2014 21:55:03
Running from C:\Users\smenz\Desktop\Downloads
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(SurfRight B.V.) C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieSvc.exe
(Emsisoft GmbH) C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe
(Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AESTSr64.exe
(Atheros) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\Ath_CoexAgent.exe
(Atheros Commnucations) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AdminService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\psia.exe
(SoftThinks SAS) C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Secunia) C:\Program Files (x86)\Secunia\PSI\sua.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler64.exe
() C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(FileHippo.com) C:\Program Files (x86)\FileHippo.com\UpdateChecker.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieCtrl.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Emsisoft GmbH) C:\Program Files (x86)\Emsisoft Anti-Malware\a2guard.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\onenotem.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
(Panda Security) C:\Program Files (x86)\Panda USB Vaccine\USBVaccine.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\hidfind.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApntEx.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieSvc.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SandboxieRpcSs.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SandboxieCrypto.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\32\SbieSvc.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [608112 2011-03-29] (Alps Electric Co., Ltd.)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1128448 2011-05-27] (IDT, Inc.)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [283160 2011-01-13] (Intel Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [emsisoft anti-malware] => c:\program files (x86)\emsisoft anti-malware\a2guard.exe [4841824 2014-07-09] (Emsisoft GmbH)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2732600908-1742709287-786376233-1000\...\Run: [FileHippo.com] => C:\Program Files (x86)\FileHippo.com\UpdateChecker.exe [307712 2012-11-23] (FileHippo.com)
HKU\S-1-5-21-2732600908-1742709287-786376233-1000\...\Run: [SandboxieControl] => C:\Program Files\Sandboxie\SbieCtrl.exe [784392 2014-05-29] (Sandboxie Holdings, LLC)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
ShortcutTarget: Secunia PSI Tray.lnk -> C:\Program Files (x86)\Secunia\PSI\psi_tray.exe (Secunia)
Startup: C:\Users\smenz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\An OneNote senden.lnk
ShortcutTarget: An OneNote senden.lnk -> C:\Program Files\Microsoft Office 15\root\office15\onenotem.exe (Microsoft Corporation)
Startup: C:\Users\smenz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk
ShortcutTarget: OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
ShellIconOverlayIdentifiers:  SkyDrive1 -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers:  SkyDrive2 -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers:  SkyDrive3 -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
ShellIconOverlayIdentifiers:  SkyDrivePro1 (ErrorConflict) -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers:  SkyDrivePro2 (SyncInProgress) -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers:  SkyDrivePro3 (InSync) -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32:  SkyDrive1 -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers-x32:  SkyDrive2 -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers-x32:  SkyDrive3 -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKLM-x32 - DefaultScope value is missing.
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre8\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre8\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation)
DPF: HKLM-x32 {6C269571-C6D7-4818-BCA4-32A035E8C884} hxxp://ccfiles.creative.com/Web/softwareupdate/su/ocx/15102/CTSUEng.cab
DPF: HKLM-x32 {D4B68B83-8710-488B-A692-D74B50BA558E} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
DPF: HKLM-x32 {F6ACF75C-C32C-447B-9BEF-46B766368D29} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/121022/CTPID.cab
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll No File
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll No File
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer - C:\windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()
FF Plugin: @java.com/DTPlugin,version=11.11.2 - C:\Program Files\Java\jre8\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.11.2 - C:\Program Files\Java\jre8\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nokia.com/EnablerPlugin - C:\Program Files (x86)\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll ( )
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: amazon.com/AmazonMP3DownloaderPlugin - C:\Users\smenz\npAmazonMP3DownloaderPlugin101753.dll (Amazon.com, Inc.)

Chrome: 
=======
CHR HomePage: 
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll No File
CHR Plugin: (Windows Live™ Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (AmazonMP3DownloaderPlugin) - C:\Users\smenz\npAmazonMP3DownloaderPlugin101753.dll (Amazon.com, Inc.)
CHR Plugin: (McAfee SecurityCenter) - c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll No File
CHR Extension: (HTTPS Everywhere) - C:\Users\smenz\AppData\Local\Google\Chrome\User Data\Default\Extensions\gcbommkclmclpchllfjekcdonpmejbdp [2013-06-12]
CHR Extension: (AdBlock) - C:\Users\smenz\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2013-06-12]
CHR Extension: (Ghostery) - C:\Users\smenz\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij [2013-06-12]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Services (Whitelisted) =================

R2 a2AntiMalware; C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe [4741384 2014-07-09] (Emsisoft GmbH)
R2 Atheros Bt&Wlan Coex Agent; C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\Ath_CoexAgent.exe [146592 2011-05-20] (Atheros) [File not signed]
R2 AtherosSvc; C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe [80032 2011-05-20] (Atheros Commnucations) [File not signed]
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2356408 2014-06-19] (Microsoft Corporation)
R2 hmpalertsvc; C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe [1876816 2014-07-18] (SurfRight B.V.)
R2 SbieSvc; C:\Program Files\Sandboxie\SbieSvc.exe [174088 2014-05-29] (Sandboxie Holdings, LLC)
R2 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1229528 2013-12-06] (Secunia)
R2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [662232 2013-12-06] (Secunia)
S4 McMPFSvc; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [X]

==================== Drivers (Whitelisted) ====================

R3 a2acc; C:\PROGRAM FILES (X86)\EMSISOFT ANTI-MALWARE\a2accx64.sys [71472 2014-05-12] (Emsisoft GmbH)
R1 A2DDA; C:\Program Files (x86)\Emsisoft Anti-Malware\a2ddax64.sys [26176 2013-03-28] (Emsisoft GmbH)
R1 a2injectiondriver; C:\Program Files (x86)\Emsisoft Anti-Malware\a2dix64.sys [45208 2013-09-30] (Emsisoft GmbH)
R1 a2util; C:\Program Files (x86)\Emsisoft Anti-Malware\a2util64.sys [23088 2014-05-12] (Emsisoft GmbH)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R3 cleanhlp; C:\Program Files (x86)\Emsisoft Anti-Malware\cleanhlp64.sys [57024 2013-12-04] (Emsisoft GmbH)
R2 hmpalert; C:\Windows\System32\drivers\hmpalert.sys [93144 2014-07-18] ()
R3 PSI; C:\Windows\System32\DRIVERS\psi_mf_amd64.sys [18456 2013-12-06] (Secunia)
R3 SbieDrv; C:\Program Files\Sandboxie\SbieDrv.sys [185352 2014-05-29] (Sandboxie Holdings, LLC)
S3 Serial; C:\Windows\system32\drivers\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)
S1 UimBus; C:\Windows\System32\DRIVERS\uimx64.sys [90960 2013-03-15] (Windows (R) 2000 DDK provider)
S1 Uim_IM; C:\Windows\System32\Drivers\Uim_IMx64.sys [633680 2013-03-15] (Paragon)
S1 Uim_VIM; C:\Windows\System32\Drivers\uim_vimx64.sys [390352 2013-03-15] (Paragon)
S3 PCDSRVC{D3412D80-CF3B4A27-06020200}_0; \??\c:\program files\my dell\pcdsrvc_x64.pkms [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-07-18 12:11 - 2014-07-18 12:11 - 00002076 _____ () C:\Users\smenz\Desktop\a2scan_140718-111618.txt
2014-07-17 23:01 - 2014-07-17 23:01 - 00000625 _____ () C:\Users\smenz\Desktop\JRT.txt
2014-07-17 22:00 - 2014-07-17 22:03 - 00000000 ____D () C:\AdwCleaner
2014-07-17 21:59 - 2014-07-17 21:59 - 01348263 _____ () C:\Users\smenz\Desktop\adwcleaner_3.215.exe
2014-07-17 17:44 - 2014-07-17 17:44 - 00025355 _____ () C:\ComboFix.txt
2014-07-17 17:27 - 2011-06-26 08:45 - 00256000 _____ () C:\windows\PEV.exe
2014-07-17 17:27 - 2010-11-07 19:20 - 00208896 _____ () C:\windows\MBR.exe
2014-07-17 17:27 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\windows\NIRCMD.exe
2014-07-17 17:27 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\windows\SWREG.exe
2014-07-17 17:27 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\windows\SWSC.exe
2014-07-17 17:27 - 2000-08-31 02:00 - 00098816 _____ () C:\windows\sed.exe
2014-07-17 17:27 - 2000-08-31 02:00 - 00080412 _____ () C:\windows\grep.exe
2014-07-17 17:27 - 2000-08-31 02:00 - 00068096 _____ () C:\windows\zip.exe
2014-07-17 17:25 - 2014-07-17 17:45 - 00000000 ____D () C:\Qoobox
2014-07-17 13:05 - 2014-07-17 22:04 - 00001102 _____ () C:\windows\PFRO.log
2014-07-16 19:56 - 2014-07-19 21:55 - 00000000 ____D () C:\FRST
2014-07-16 18:32 - 2014-07-16 18:31 - 00321448 _____ (Oracle Corporation) C:\windows\system32\javaws.exe
2014-07-15 09:09 - 2014-07-19 19:19 - 00000616 _____ () C:\windows\setupact.log
2014-07-15 09:09 - 2014-07-15 09:09 - 00000000 _____ () C:\windows\setuperr.log
2014-07-09 11:14 - 2014-06-30 04:09 - 00519168 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll
2014-07-09 11:14 - 2014-06-30 04:04 - 00424448 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2014-07-09 11:14 - 2014-06-18 04:18 - 00692736 _____ (Microsoft Corporation) C:\windows\system32\osk.exe
2014-07-09 11:14 - 2014-06-18 03:51 - 00646144 _____ (Microsoft Corporation) C:\windows\SysWOW64\osk.exe
2014-07-09 11:14 - 2014-06-18 03:10 - 03157504 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2014-07-09 11:14 - 2014-06-06 12:10 - 00624128 _____ (Microsoft Corporation) C:\windows\system32\qedit.dll
2014-07-09 11:14 - 2014-06-06 11:44 - 00509440 _____ (Microsoft Corporation) C:\windows\SysWOW64\qedit.dll
2014-07-09 11:14 - 2014-05-30 08:45 - 00497152 _____ (Microsoft Corporation) C:\windows\system32\Drivers\afd.sys
2014-07-09 11:13 - 2014-06-20 22:14 - 00266424 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2014-07-09 11:13 - 2014-06-20 21:39 - 00240824 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2014-07-09 11:13 - 2014-06-19 03:39 - 23464448 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-07-09 11:13 - 2014-06-19 03:06 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-07-09 11:13 - 2014-06-19 03:06 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2014-07-09 11:13 - 2014-06-19 02:48 - 02768384 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-07-09 11:13 - 2014-06-19 02:42 - 00548352 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2014-07-09 11:13 - 2014-06-19 02:42 - 00066048 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2014-07-09 11:13 - 2014-06-19 02:41 - 00083968 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2014-07-09 11:13 - 2014-06-19 02:41 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2014-07-09 11:13 - 2014-06-19 02:32 - 00051200 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2014-07-09 11:13 - 2014-06-19 02:31 - 00033792 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2014-07-09 11:13 - 2014-06-19 02:26 - 00598016 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2014-07-09 11:13 - 2014-06-19 02:24 - 00139264 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2014-07-09 11:13 - 2014-06-19 02:24 - 00111616 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2014-07-09 11:13 - 2014-06-19 02:23 - 00752640 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2014-07-09 11:13 - 2014-06-19 02:16 - 17276416 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2014-07-09 11:13 - 2014-06-19 02:14 - 00940032 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2014-07-09 11:13 - 2014-06-19 02:09 - 00452608 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2014-07-09 11:13 - 2014-06-19 01:59 - 00038400 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2014-07-09 11:13 - 2014-06-19 01:56 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2014-07-09 11:13 - 2014-06-19 01:53 - 00195584 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2014-07-09 11:13 - 2014-06-19 01:51 - 05721088 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2014-07-09 11:13 - 2014-06-19 01:50 - 00085504 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2014-07-09 11:13 - 2014-06-19 01:48 - 00292864 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2014-07-09 11:13 - 2014-06-19 01:39 - 00608768 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2014-07-09 11:13 - 2014-06-19 01:38 - 00455168 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2014-07-09 11:13 - 2014-06-19 01:37 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2014-07-09 11:13 - 2014-06-19 01:36 - 00051200 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2014-07-09 11:13 - 2014-06-19 01:35 - 00062464 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll
2014-07-09 11:13 - 2014-06-19 01:33 - 00631808 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-07-09 11:13 - 2014-06-19 01:32 - 02179072 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2014-07-09 11:13 - 2014-06-19 01:28 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2014-07-09 11:13 - 2014-06-19 01:28 - 00032768 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2014-07-09 11:13 - 2014-06-19 01:27 - 02040832 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2014-07-09 11:13 - 2014-06-19 01:27 - 01249280 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2014-07-09 11:13 - 2014-06-19 01:25 - 00442368 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2014-07-09 11:13 - 2014-06-19 01:23 - 00112128 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2014-07-09 11:13 - 2014-06-19 01:22 - 00592896 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2014-07-09 11:13 - 2014-06-19 01:12 - 00367616 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2014-07-09 11:13 - 2014-06-19 01:06 - 00032256 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-07-09 11:13 - 2014-06-19 01:01 - 00164864 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2014-07-09 11:13 - 2014-06-19 00:59 - 00069632 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2014-07-09 11:13 - 2014-06-19 00:58 - 02266112 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-07-09 11:13 - 2014-06-19 00:58 - 00239616 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2014-07-09 11:13 - 2014-06-19 00:52 - 04254720 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2014-07-09 11:13 - 2014-06-19 00:51 - 13527040 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-07-09 11:13 - 2014-06-19 00:49 - 00526336 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2014-07-09 11:13 - 2014-06-19 00:46 - 01068032 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll
2014-07-09 11:13 - 2014-06-19 00:45 - 01964544 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2014-07-09 11:13 - 2014-06-19 00:35 - 11742208 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2014-07-09 11:13 - 2014-06-19 00:34 - 01393664 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2014-07-09 11:13 - 2014-06-19 00:15 - 00846336 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2014-07-09 11:13 - 2014-06-19 00:13 - 01791488 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2014-07-09 11:13 - 2014-06-19 00:09 - 01139200 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2014-07-09 11:13 - 2014-06-19 00:07 - 00704512 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2014-07-09 11:13 - 2014-05-30 10:08 - 00728064 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll
2014-07-09 11:13 - 2014-05-30 10:08 - 00340992 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll
2014-07-09 11:13 - 2014-05-30 10:08 - 00314880 _____ (Microsoft Corporation) C:\windows\system32\msv1_0.dll
2014-07-09 11:13 - 2014-05-30 10:08 - 00307200 _____ (Microsoft Corporation) C:\windows\system32\ncrypt.dll
2014-07-09 11:13 - 2014-05-30 10:08 - 00210944 _____ (Microsoft Corporation) C:\windows\system32\wdigest.dll
2014-07-09 11:13 - 2014-05-30 10:08 - 00086528 _____ (Microsoft Corporation) C:\windows\system32\TSpkg.dll
2014-07-09 11:13 - 2014-05-30 10:08 - 00022016 _____ (Microsoft Corporation) C:\windows\system32\credssp.dll
2014-07-09 11:13 - 2014-05-30 09:52 - 00550912 _____ (Microsoft Corporation) C:\windows\SysWOW64\kerberos.dll
2014-07-09 11:13 - 2014-05-30 09:52 - 00259584 _____ (Microsoft Corporation) C:\windows\SysWOW64\msv1_0.dll
2014-07-09 11:13 - 2014-05-30 09:52 - 00247808 _____ (Microsoft Corporation) C:\windows\SysWOW64\schannel.dll
2014-07-09 11:13 - 2014-05-30 09:52 - 00220160 _____ (Microsoft Corporation) C:\windows\SysWOW64\ncrypt.dll
2014-07-09 11:13 - 2014-05-30 09:52 - 00172032 _____ (Microsoft Corporation) C:\windows\SysWOW64\wdigest.dll
2014-07-09 11:13 - 2014-05-30 09:52 - 00065536 _____ (Microsoft Corporation) C:\windows\SysWOW64\TSpkg.dll
2014-07-09 11:13 - 2014-05-30 09:52 - 00017408 _____ (Microsoft Corporation) C:\windows\SysWOW64\credssp.dll
2014-07-09 11:12 - 2014-06-05 16:45 - 01460736 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
2014-07-09 11:12 - 2014-06-05 16:26 - 00022016 _____ (Microsoft Corporation) C:\windows\SysWOW64\secur32.dll
2014-07-09 11:12 - 2014-06-05 16:25 - 00096768 _____ (Microsoft Corporation) C:\windows\SysWOW64\sspicli.dll
2014-07-03 15:37 - 2014-07-19 19:22 - 00000000 ____D () C:\windows\CryptoGuard
2014-07-03 15:37 - 2014-07-19 10:22 - 00000000 ____D () C:\Program Files (x86)\HitmanPro.Alert
2014-07-03 15:37 - 2014-07-18 11:23 - 00548424 _____ (SurfRight) C:\windows\system32\hmpalert.dll
2014-07-03 15:37 - 2014-07-18 11:23 - 00477008 _____ (SurfRight) C:\windows\SysWOW64\hmpalert.dll
2014-07-03 15:37 - 2014-07-18 11:23 - 00093144 _____ () C:\windows\system32\Drivers\hmpalert.sys
2014-07-03 15:37 - 2014-07-03 15:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro.Alert
2014-07-03 15:37 - 2014-07-03 15:37 - 00000000 ____D () C:\ProgramData\HitmanPro.Alert
2014-06-21 21:16 - 2014-07-17 23:51 - 00000000 ____D () C:\Program Files (x86)\SpywareBlaster
2014-06-21 21:16 - 2014-06-21 21:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpywareBlaster
2014-06-21 21:16 - 2014-06-21 21:16 - 00000000 ____D () C:\ProgramData\Licenses
2014-06-21 21:16 - 2009-03-24 12:52 - 00129872 _____ (Microsoft Corporation) C:\windows\SysWOW64\MSSTDFMT.DLL
2014-06-21 16:49 - 2014-06-21 16:50 - 00001691 _____ () C:\DelFix.txt
2014-06-20 16:03 - 2014-06-20 16:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPatrol
2014-06-20 16:03 - 2014-06-20 16:03 - 00000000 ____D () C:\ProgramData\InstallMate
2014-06-20 16:03 - 2014-06-20 16:03 - 00000000 ____D () C:\Program Files (x86)\BillP Studios
2014-06-20 15:56 - 2014-06-20 15:56 - 00000000 ____D () C:\Users\smenz\AppData\Roaming\WinPatrol
2014-06-20 15:14 - 2014-01-09 04:22 - 05694464 _____ (Microsoft Corporation) C:\windows\SysWOW64\mstscax.dll
2014-06-20 15:14 - 2014-01-04 00:44 - 06574592 _____ (Microsoft Corporation) C:\windows\system32\mstscax.dll
2014-06-20 15:03 - 2013-10-02 04:22 - 00056832 _____ (Microsoft Corporation) C:\windows\system32\Drivers\TsUsbFlt.sys
2014-06-20 15:03 - 2013-10-02 04:11 - 00013824 _____ (Microsoft Corporation) C:\windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2014-06-20 15:03 - 2013-10-02 04:08 - 00012800 _____ (Microsoft Corporation) C:\windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2014-06-20 15:03 - 2013-10-02 03:48 - 00056832 _____ (Microsoft Corporation) C:\windows\system32\MsRdpWebAccess.dll
2014-06-20 15:03 - 2013-10-02 03:48 - 00018944 _____ (Microsoft Corporation) C:\windows\system32\wksprtPS.dll
2014-06-20 15:03 - 2013-10-02 03:29 - 00062976 _____ (Microsoft Corporation) C:\windows\system32\tsgqec.dll
2014-06-20 15:03 - 2013-10-02 03:10 - 00044544 _____ (Microsoft Corporation) C:\windows\system32\TsUsbGDCoInstaller.dll
2014-06-20 15:03 - 2013-10-02 02:15 - 01057280 _____ (Microsoft Corporation) C:\windows\system32\rdvidcrl.dll
2014-06-20 15:03 - 2013-10-02 02:14 - 00050176 _____ (Microsoft Corporation) C:\windows\SysWOW64\MsRdpWebAccess.dll
2014-06-20 15:03 - 2013-10-02 02:14 - 00017920 _____ (Microsoft Corporation) C:\windows\SysWOW64\wksprtPS.dll
2014-06-20 15:03 - 2013-10-02 02:08 - 00083968 _____ (Microsoft Corporation) C:\windows\system32\TSWbPrxy.exe
2014-06-20 15:03 - 2013-10-02 02:01 - 00420864 _____ (Microsoft Corporation) C:\windows\system32\wksprt.exe
2014-06-20 15:03 - 2013-10-02 01:58 - 00053248 _____ (Microsoft Corporation) C:\windows\SysWOW64\tsgqec.dll
2014-06-20 15:03 - 2013-10-02 01:31 - 01147392 _____ (Microsoft Corporation) C:\windows\system32\mstsc.exe
2014-06-20 15:03 - 2013-10-02 01:08 - 00855552 _____ (Microsoft Corporation) C:\windows\SysWOW64\rdvidcrl.dll
2014-06-20 15:03 - 2013-10-02 00:34 - 01068544 _____ (Microsoft Corporation) C:\windows\SysWOW64\mstsc.exe
2014-06-20 15:01 - 2013-09-25 04:23 - 01030144 _____ (Microsoft Corporation) C:\windows\system32\TSWorkspace.dll
2014-06-20 15:01 - 2013-09-25 03:57 - 00792576 _____ (Microsoft Corporation) C:\windows\SysWOW64\TSWorkspace.dll
2014-06-20 14:55 - 2014-07-16 18:31 - 00191400 _____ (Oracle Corporation) C:\windows\system32\javaw.exe
2014-06-20 14:55 - 2014-07-16 18:31 - 00190888 _____ (Oracle Corporation) C:\windows\system32\java.exe
2014-06-20 14:55 - 2014-07-16 18:31 - 00111016 _____ (Oracle Corporation) C:\windows\system32\WindowsAccessBridge-64.dll
2014-06-20 14:48 - 2014-06-20 14:48 - 00001071 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Secunia PSI.lnk
2014-06-19 11:53 - 2014-06-19 11:53 - 00000000 ____D () C:\ProgramData\Emsisoft

==================== One Month Modified Files and Folders =======

2014-07-19 21:55 - 2014-07-16 19:56 - 00000000 ____D () C:\FRST
2014-07-19 21:48 - 2012-10-19 15:42 - 00001108 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-07-19 21:43 - 2013-06-12 23:38 - 00000000 ____D () C:\Program Files (x86)\Emsisoft Anti-Malware
2014-07-19 21:25 - 2012-07-04 16:43 - 01337223 _____ () C:\windows\WindowsUpdate.log
2014-07-19 21:19 - 2014-02-21 20:01 - 00000884 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2014-07-19 19:33 - 2012-07-04 19:31 - 00699666 _____ () C:\windows\system32\perfh007.dat
2014-07-19 19:33 - 2012-07-04 19:31 - 00149774 _____ () C:\windows\system32\perfc007.dat
2014-07-19 19:33 - 2009-07-14 07:13 - 01620612 _____ () C:\windows\system32\PerfStringBackup.INI
2014-07-19 19:27 - 2009-07-14 06:45 - 00020720 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-07-19 19:27 - 2009-07-14 06:45 - 00020720 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-07-19 19:22 - 2014-07-03 15:37 - 00000000 ____D () C:\windows\CryptoGuard
2014-07-19 19:22 - 2012-10-19 15:42 - 00001104 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-07-19 19:22 - 2012-07-04 17:32 - 00000000 ____D () C:\Users\Default\AppData\Local\SoftThinks
2014-07-19 19:22 - 2012-07-04 17:32 - 00000000 ____D () C:\Users\Default User\AppData\Local\SoftThinks
2014-07-19 19:19 - 2014-07-15 09:09 - 00000616 _____ () C:\windows\setupact.log
2014-07-19 19:19 - 2012-07-04 17:21 - 00000000 ____D () C:\Program Files (x86)\Dell DataSafe Local Backup
2014-07-19 19:19 - 2009-07-14 07:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-07-19 10:22 - 2014-07-03 15:37 - 00000000 ____D () C:\Program Files (x86)\HitmanPro.Alert
2014-07-18 12:11 - 2014-07-18 12:11 - 00002076 _____ () C:\Users\smenz\Desktop\a2scan_140718-111618.txt
2014-07-18 11:23 - 2014-07-03 15:37 - 00548424 _____ (SurfRight) C:\windows\system32\hmpalert.dll
2014-07-18 11:23 - 2014-07-03 15:37 - 00477008 _____ (SurfRight) C:\windows\SysWOW64\hmpalert.dll
2014-07-18 11:23 - 2014-07-03 15:37 - 00093144 _____ () C:\windows\system32\Drivers\hmpalert.sys
2014-07-17 23:51 - 2014-06-21 21:16 - 00000000 ____D () C:\Program Files (x86)\SpywareBlaster
2014-07-17 23:51 - 2012-07-04 16:56 - 00000000 ____D () C:\ProgramData\Temp
2014-07-17 23:40 - 2014-06-11 15:29 - 00122584 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2014-07-17 23:01 - 2014-07-17 23:01 - 00000625 _____ () C:\Users\smenz\Desktop\JRT.txt
2014-07-17 22:04 - 2014-07-17 13:05 - 00001102 _____ () C:\windows\PFRO.log
2014-07-17 22:03 - 2014-07-17 22:00 - 00000000 ____D () C:\AdwCleaner
2014-07-17 21:59 - 2014-07-17 21:59 - 01348263 _____ () C:\Users\smenz\Desktop\adwcleaner_3.215.exe
2014-07-17 17:45 - 2014-07-17 17:25 - 00000000 ____D () C:\Qoobox
2014-07-17 17:44 - 2014-07-17 17:44 - 00025355 _____ () C:\ComboFix.txt
2014-07-17 17:39 - 2009-07-14 04:34 - 00000215 _____ () C:\windows\system.ini
2014-07-16 21:42 - 2013-06-13 16:03 - 00000000 ____D () C:\Users\smenz\AppData\Roaming\Skype
2014-07-16 18:51 - 2009-07-14 05:20 - 00000000 ____D () C:\windows\Speech
2014-07-16 18:31 - 2014-07-16 18:32 - 00321448 _____ (Oracle Corporation) C:\windows\system32\javaws.exe
2014-07-16 18:31 - 2014-06-20 14:55 - 00191400 _____ (Oracle Corporation) C:\windows\system32\javaw.exe
2014-07-16 18:31 - 2014-06-20 14:55 - 00190888 _____ (Oracle Corporation) C:\windows\system32\java.exe
2014-07-16 18:31 - 2014-06-20 14:55 - 00111016 _____ (Oracle Corporation) C:\windows\system32\WindowsAccessBridge-64.dll
2014-07-16 18:31 - 2014-01-24 11:42 - 00000000 ____D () C:\Program Files\Java
2014-07-15 20:41 - 2012-10-20 20:53 - 00000000 ____D () C:\Users\smenz\Documents\My Kindle Content
2014-07-15 09:09 - 2014-07-15 09:09 - 00000000 _____ () C:\windows\setuperr.log
2014-07-14 09:50 - 2013-06-13 17:13 - 00004588 _____ () C:\windows\Sandboxie.ini
2014-07-13 17:07 - 2014-04-06 19:24 - 00077414 _____ () C:\Users\smenz\Desktop\Übersicht Prozessarbeit 2.xlsx
2014-07-12 18:50 - 2012-12-06 20:05 - 00000000 ____D () C:\Users\smenz\Documents\Booksmarks
2014-07-12 18:40 - 2012-11-29 22:16 - 00000000 ____D () C:\Users\smenz\Documents\ELLA
2014-07-12 18:25 - 2012-10-19 17:43 - 00000000 ____D () C:\Users\smenz\Documents\OneNote-Notizbücher
2014-07-12 12:45 - 2013-05-23 14:08 - 00000000 ____D () C:\Program Files\My Dell
2014-07-12 10:05 - 2013-05-23 14:09 - 00003440 _____ () C:\windows\System32\Tasks\PCDEventLauncherTask
2014-07-10 16:20 - 2012-10-19 18:36 - 00000000 ____D () C:\Users\smenz\AppData\Local\Microsoft Games
2014-07-10 13:32 - 2012-07-04 17:15 - 00000000 ____D () C:\ProgramData\Skype
2014-07-10 13:08 - 2014-05-19 00:35 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2014-07-09 17:00 - 2009-07-14 05:20 - 00000000 ____D () C:\windows\rescache
2014-07-09 15:25 - 2009-07-14 06:45 - 00492792 _____ () C:\windows\system32\FNTCACHE.DAT
2014-07-09 15:23 - 2014-05-07 02:27 - 00000000 ___SD () C:\windows\system32\CompatTel
2014-07-09 15:23 - 2012-07-04 19:34 - 00000000 ____D () C:\Program Files\Windows Journal
2014-07-09 15:23 - 2009-07-14 05:20 - 00000000 ____D () C:\windows\SysWOW64\Dism
2014-07-09 15:23 - 2009-07-14 05:20 - 00000000 ____D () C:\windows\system32\Dism
2014-07-09 15:12 - 2012-10-19 17:33 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-07-09 15:10 - 2013-08-15 21:53 - 00000000 ____D () C:\windows\system32\MRT
2014-07-09 15:04 - 2012-10-24 13:56 - 96441528 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2014-07-08 21:19 - 2014-02-21 20:01 - 00003822 _____ () C:\windows\System32\Tasks\Adobe Flash Player Updater
2014-07-08 21:19 - 2013-06-11 14:08 - 00699056 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2014-07-08 21:19 - 2013-06-11 14:08 - 00071344 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-07-05 00:10 - 2012-10-19 17:47 - 00000000 ____D () C:\Users\smenz\AppData\Local\CrashDumps
2014-07-04 09:42 - 2013-12-28 21:30 - 00469383 _____ () C:\Users\smenz\Desktop\Budget 2014.xlsx
2014-07-03 15:37 - 2014-07-03 15:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro.Alert
2014-07-03 15:37 - 2014-07-03 15:37 - 00000000 ____D () C:\ProgramData\HitmanPro.Alert
2014-07-03 00:08 - 2014-05-31 19:53 - 00001104 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 9.lnk
2014-07-01 18:58 - 2012-10-19 13:19 - 00000000 ___RD () C:\Users\smenz\Eigene Bilder
2014-06-30 04:09 - 2014-07-09 11:14 - 00519168 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll
2014-06-30 04:04 - 2014-07-09 11:14 - 00424448 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2014-06-29 13:04 - 2013-07-02 18:12 - 00023731 _____ () C:\Users\smenz\Desktop\Books Releases.xlsx
2014-06-26 14:51 - 2013-06-17 16:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-06-26 14:51 - 2013-06-17 16:48 - 00000000 ____D () C:\Program Files\CCleaner
2014-06-25 18:43 - 2012-10-19 15:42 - 00004104 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-06-25 18:43 - 2012-10-19 15:42 - 00003852 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-06-24 11:24 - 2012-07-04 19:34 - 00000000 ___RD () C:\Users\Public\Recorded TV
2014-06-22 20:06 - 2013-05-08 13:43 - 00000000 ____D () C:\Users\smenz\AppData\Local\Windows Live
2014-06-21 21:16 - 2014-06-21 21:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpywareBlaster
2014-06-21 21:16 - 2014-06-21 21:16 - 00000000 ____D () C:\ProgramData\Licenses
2014-06-21 16:50 - 2014-06-21 16:49 - 00001691 _____ () C:\DelFix.txt
2014-06-21 16:49 - 2014-06-17 15:16 - 00000000 ____D () C:\windows\ERUNT
2014-06-21 15:28 - 2012-07-04 16:57 - 00000000 ____D () C:\Program Files (x86)\Dell
2014-06-21 15:28 - 2012-07-04 16:52 - 00000000 ____D () C:\ProgramData\Dell
2014-06-21 15:19 - 2012-07-04 17:16 - 00000000 ____D () C:\ProgramData\WildTangent
2014-06-21 15:19 - 2009-07-14 07:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-06-20 22:14 - 2014-07-09 11:13 - 00266424 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2014-06-20 21:39 - 2014-07-09 11:13 - 00240824 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2014-06-20 16:03 - 2014-06-20 16:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPatrol
2014-06-20 16:03 - 2014-06-20 16:03 - 00000000 ____D () C:\ProgramData\InstallMate
2014-06-20 16:03 - 2014-06-20 16:03 - 00000000 ____D () C:\Program Files (x86)\BillP Studios
2014-06-20 15:56 - 2014-06-20 15:56 - 00000000 ____D () C:\Users\smenz\AppData\Roaming\WinPatrol
2014-06-20 15:03 - 2012-06-08 10:48 - 01594892 _____ () C:\windows\SysWOW64\PerfStringBackup.INI
2014-06-20 14:53 - 2012-10-21 22:51 - 00000000 ____D () C:\Program Files (x86)\MSXML 4.0
2014-06-20 14:48 - 2014-06-20 14:48 - 00001071 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Secunia PSI.lnk
2014-06-19 11:53 - 2014-06-19 11:53 - 00000000 ____D () C:\ProgramData\Emsisoft
2014-06-19 03:39 - 2014-07-09 11:13 - 23464448 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-06-19 03:06 - 2014-07-09 11:13 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-06-19 03:06 - 2014-07-09 11:13 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2014-06-19 02:48 - 2014-07-09 11:13 - 02768384 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-06-19 02:42 - 2014-07-09 11:13 - 00548352 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2014-06-19 02:42 - 2014-07-09 11:13 - 00066048 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2014-06-19 02:41 - 2014-07-09 11:13 - 00083968 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2014-06-19 02:41 - 2014-07-09 11:13 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2014-06-19 02:32 - 2014-07-09 11:13 - 00051200 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2014-06-19 02:31 - 2014-07-09 11:13 - 00033792 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2014-06-19 02:26 - 2014-07-09 11:13 - 00598016 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2014-06-19 02:24 - 2014-07-09 11:13 - 00139264 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2014-06-19 02:24 - 2014-07-09 11:13 - 00111616 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2014-06-19 02:23 - 2014-07-09 11:13 - 00752640 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2014-06-19 02:16 - 2014-07-09 11:13 - 17276416 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2014-06-19 02:14 - 2014-07-09 11:13 - 00940032 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2014-06-19 02:09 - 2014-07-09 11:13 - 00452608 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2014-06-19 01:59 - 2014-07-09 11:13 - 00038400 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2014-06-19 01:56 - 2014-07-09 11:13 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2014-06-19 01:53 - 2014-07-09 11:13 - 00195584 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2014-06-19 01:51 - 2014-07-09 11:13 - 05721088 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2014-06-19 01:50 - 2014-07-09 11:13 - 00085504 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2014-06-19 01:48 - 2014-07-09 11:13 - 00292864 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2014-06-19 01:39 - 2014-07-09 11:13 - 00608768 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2014-06-19 01:38 - 2014-07-09 11:13 - 00455168 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2014-06-19 01:37 - 2014-07-09 11:13 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2014-06-19 01:36 - 2014-07-09 11:13 - 00051200 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2014-06-19 01:35 - 2014-07-09 11:13 - 00062464 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll
2014-06-19 01:33 - 2014-07-09 11:13 - 00631808 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-06-19 01:32 - 2014-07-09 11:13 - 02179072 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2014-06-19 01:28 - 2014-07-09 11:13 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2014-06-19 01:28 - 2014-07-09 11:13 - 00032768 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2014-06-19 01:27 - 2014-07-09 11:13 - 02040832 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2014-06-19 01:27 - 2014-07-09 11:13 - 01249280 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2014-06-19 01:25 - 2014-07-09 11:13 - 00442368 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2014-06-19 01:23 - 2014-07-09 11:13 - 00112128 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2014-06-19 01:22 - 2014-07-09 11:13 - 00592896 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2014-06-19 01:12 - 2014-07-09 11:13 - 00367616 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2014-06-19 01:06 - 2014-07-09 11:13 - 00032256 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-06-19 01:01 - 2014-07-09 11:13 - 00164864 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2014-06-19 00:59 - 2014-07-09 11:13 - 00069632 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2014-06-19 00:58 - 2014-07-09 11:13 - 02266112 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-06-19 00:58 - 2014-07-09 11:13 - 00239616 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2014-06-19 00:52 - 2014-07-09 11:13 - 04254720 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2014-06-19 00:51 - 2014-07-09 11:13 - 13527040 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-06-19 00:49 - 2014-07-09 11:13 - 00526336 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2014-06-19 00:46 - 2014-07-09 11:13 - 01068032 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll
2014-06-19 00:45 - 2014-07-09 11:13 - 01964544 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2014-06-19 00:35 - 2014-07-09 11:13 - 11742208 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2014-06-19 00:34 - 2014-07-09 11:13 - 01393664 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2014-06-19 00:15 - 2014-07-09 11:13 - 00846336 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2014-06-19 00:13 - 2014-07-09 11:13 - 01791488 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2014-06-19 00:09 - 2014-07-09 11:13 - 01139200 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2014-06-19 00:07 - 2014-07-09 11:13 - 00704512 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll

Files to move or delete:
====================
C:\Users\smenz\AmazonMP3Downloader.exe
C:\Users\smenz\npAmazonMP3DownloaderPlugin101753.dll


Some content of TEMP:
====================
C:\Users\smenz\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-07-18 14:21

==================== End Of Log ======================
--- --- ---

--- --- ---
[/CODE]


Additon.text

Code:
ATTFilter
   Additional scan result of Farbar Recovery Scan Tool (x64) Version: 19-07-2014
Ran by smenz at 2014-07-19 21:56:08
Running from C:\Users\smenz\Desktop\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Emsisoft Anti-Malware (Enabled - Up to date) {8504DEEF-CC04-1F76-2137-F1A5F4A659DA}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Emsisoft Anti-Malware (Enabled - Up to date) {3E653F0B-EA3E-10F8-1B87-CAD78F211367}

==================== Installed Programs ======================

Adobe Flash Player 14 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.07) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated)
Advanced Audio FX Engine (HKLM-x32\...\Advanced Audio FX Engine) (Version: 1.12.05 - Creative Technology Ltd)
Amazon Kindle (HKCU\...\Amazon Kindle) (Version:  - Amazon)
Amazon MP3-Downloader 1.0.17 (HKLM-x32\...\Amazon MP3-Downloader) (Version: 1.0.17 - Amazon Services LLC)
Bluetooth Win7 Suite (64) (HKLM\...\{230D1595-57DA-4933-8C4E-375797EBB7E1}) (Version: 7.2.0.83 - Atheros Communications)
CCleaner (HKLM\...\CCleaner) (Version: 4.15 - Piriform)
CrystalDiskMark 3.0.3b (HKLM\...\CrystalDiskMark_is1) (Version: 3.0.3b - Crystal Dew World)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{5C78021E-3C8E-4EDF-97EA-E9B8D808FD6D}) (Version:  - Microsoft)
Dell DataSafe Local Backup - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 9.4.67 - Dell Inc.)
Dell DataSafe Local Backup (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 9.4.67 - Dell Inc.)
Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)
Dell Getting Started Guide (HKLM-x32\...\{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}) (Version: 1.00.0000 - Dell Inc.)
Dell MusicStage (HKLM-x32\...\{3E90B7F4-1817-4405-B4A5-E4EA5EC0E2B3}) (Version: 1.6.225.0 - Fingertapps)
Dell PhotoStage (HKLM-x32\...\{E4335E82-17B3-460F-9E70-39D9BC269DB3}) (Version: 1.5.0.130 - ArcSoft)
Dell Stage (HKLM-x32\...\{E2F57269-065E-4B19-8CDA-AB6C401FAF1A}) (Version: 1.7.209.0 - Fingertapps)
Dell Stage Remote (HKLM-x32\...\{AF4D3C63-009B-4A17-B02E-D395065DD3F0}) (Version: 2.0.0.43 - ArcSoft)
Dell Touchpad (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 7.1207.101.225 - ALPS ELECTRIC CO., LTD.)
Dell Webcam Central (HKLM-x32\...\Dell Webcam Central) (Version: 2.01.17 - Creative Technology Ltd)
Dell WLAN and Bluetooth Client Installation (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 9.0 - Dell Inc.)
DirectX 9 Runtime (x32 Version: 1.00.0000 - Sonic Solutions) Hidden
Emsisoft Anti-Malware (HKLM-x32\...\{BC30E5E7-047D-4232-A7E8-F2CB7CC7B2E0}_is1) (Version: 7.0 - Emsisoft GmbH)
FileHippo.com Update Checker (HKLM-x32\...\FileHippo.com) (Version:  - )
Fotogalerie (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
FreeCommander XE (HKLM-x32\...\FreeCommander XE_is1) (Version: Preview - Marek Jasinski)
FreeMind (HKLM-x32\...\B991B020-2968-11D8-AF23-444553540000_is1) (Version: 1.0.0 - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 36.0.1985.125 - Google Inc.)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
HitmanPro.Alert (HKLM\...\HitmanPro.Alert) (Version: 2.6.5.77 - SurfRight B.V.)
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2342 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.1.2.1004 - Intel Corporation)
Java 7 Update 55 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417055FF}) (Version: 7.0.550 - Oracle)
Java 8 Update 11 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418011FF}) (Version: 8.0.110 - Oracle Corporation)
Java Auto Updater (x32 Version: 2.8.11.12 - Oracle, Inc.) Hidden
Junk Mail filter update (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office Access MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook Connector (HKLM-x32\...\{95140000-007A-0407-0000-0000000FF1CE}) (Version: 14.0.5118.5000 - Microsoft Corporation)
Microsoft Office Outlook Connector (HKLM-x32\...\{95140000-007A-0409-0000-0000000FF1CE}) (Version: 14.0.5118.5000 - Microsoft Corporation)
Microsoft Office Outlook MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Single Image 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft OneDrive (HKCU\...\OneDriveSetup.exe) (Version: 17.0.4041.0512 - Microsoft Corporation)
Microsoft OneNote 2013 - de-de (HKLM\...\OneNoteFreeRetail - de-de) (Version: 15.0.4631.1002 - Microsoft Corporation)
Microsoft Outlook Social Connector Provider for Windows Live Messenger 32-bit (HKLM-x32\...\{95140000-007D-0409-0000-0000000FF1CE}) (Version: 14.0.5120.5000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{820B6609-4C97-3A2B-B644-573B06A0F0CC}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft_VC100_CRT_SP1_x64 (Version: 10.0.40219.1 - Nokia) Hidden
Microsoft_VC100_CRT_SP1_x86 (x32 Version: 10.0.40219.1 - Nokia) Hidden
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
MSVC80_x64_v2 (Version: 1.0.3.0 - Nokia) Hidden
MSVC80_x86_v2 (x32 Version: 1.0.3.0 - Nokia) Hidden
MSVC90_x64 (Version: 1.0.1.2 - Nokia) Hidden
MSVC90_x86 (x32 Version: 1.0.1.2 - Nokia) Hidden
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden
MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
My Dell (HKLM\...\PC-Doctor for Windows) (Version: 3.5.6426.22 - PC-Doctor, Inc.)
Nero 10 Movie ThemePack Basic (x32 Version: 10.6.10000.1.0 - Nero AG) Hidden
Nero Blu-ray Player (x32 Version: 12.0.20012 - Nero AG) Hidden
Nero Control Center 10 (x32 Version: 10.6.13000.0.11 - Nero AG) Hidden
Nero ControlCenter 10 Help (CHM) (x32 Version: 10.2.10800 - Nero AG) Hidden
Nero Core Components 10 (x32 Version: 2.0.20500.9.16 - Nero AG) Hidden
Nero Update (x32 Version: 11.0.11500.28.0 - Nero AG) Hidden
Nokia Connectivity Cable Driver (HKLM-x32\...\{29373274-977E-413C-A4DE-DC0F8E80C429}) (Version: 7.1.172.0 - Nokia)
Nokia Suite (HKLM-x32\...\Nokia Suite) (Version: 3.8.48.0 - Nokia)
Nokia Suite (x32 Version: 3.8.48.0 - Nokia) Hidden
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4631.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4631.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4631.1002 - Microsoft Corporation) Hidden
Panda USB Vaccine 1.0.1.4 (HKLM-x32\...\{55A41219-9B22-4098-BAE7-AE289B3C569A}_is1) (Version:  - Panda Security)
PC Connectivity Solution (HKLM-x32\...\{6D01D1B1-17BD-4F10-BB11-F08F0C47D42B}) (Version: 12.0.109.0 - Nokia)
Photo Gallery (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
PhotoShowExpress (x32 Version: 2.0.063 - Sonic Solutions) Hidden
Quickset64 (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 10.09.25 - Dell Inc.)
RBVirtualFolder64Inst (Version: 1.00.0000 - Roxio, Inc.) Hidden
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.45.516.2011 - Realtek)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30126 - Realtek Semiconductor Corp.)
Roxio Activation Module (x32 Version: 1.0 - Roxio) Hidden
Roxio BackOnTrack (x32 Version: 1.3.3 - Roxio) Hidden
Roxio Burn (x32 Version: 1.8 - Roxio) Hidden
Roxio Creator Starter (x32 Version: 1.0.439 - Roxio) Hidden
Roxio Express Labeler 3 (x32 Version: 3.2.2 - Roxio) Hidden
Roxio File Backup (Version: 1.3.2 - Roxio) Hidden
Sandboxie 4.12 (64-bit) (HKLM\...\Sandboxie) (Version: 4.12 - Sandboxie Holdings, LLC)
Secunia PSI (3.0.0.9016) (HKLM-x32\...\Secunia PSI) (Version: 3.0.0.9016 - Secunia)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (x32 Version:  - Microsoft) Hidden
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Similarity 1.8.1 (HKLM-x32\...\{6AF7A3DF-581E-4AB7-ACAF-2051FF7E8ACF}) (Version: 1.8.1626 - GAR Software)
Skype™ 6.18 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.18.105 - Skype Technologies S.A.)
Sonic CinePlayer Decoder Pack (x32 Version: 4.3.0 - Sonic Solutions) Hidden
SpywareBlaster 5.0 (HKLM-x32\...\SpywareBlaster_is1) (Version: 5.0.0 - BrightFort LLC)
SyncUP (HKLM-x32\...\{D92C9CCE-E5F0-4125-977A-0590F3225B74}) (Version: 10.2.16500 - Nero AG)
SyncUP (x32 Version: 1.12.12400.17.102 - Nero AG) Hidden
TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.29480 - TeamViewer)
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B4A38370-2ADB-46B0-A1B0-0C4A2F7DCA31}) (Version:  - Microsoft)
Update for Microsoft Excel 2010 (KB2837600) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{4ACD847E-547D-493F-9A86-F73EAE1B5174}) (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version:  - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{4EEA3D3E-989C-4DF4-AB0A-3042C0C12AA3}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DADF7E25-FFA4-4D02-BE84-1DAE62C18516}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{287A1E92-9E41-4BC1-8920-B3D0E9220800}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{9D69691D-823D-4C3E-9B12-563A3F520366}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{35698CB7-AAA2-4577-B505-DBFF504AEF23}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{5AA578BB-759C-40FD-9661-A737C0884541}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2825635) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{F1A20C69-9FE5-40FD-9CD5-84EABC2EF64A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2837581) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{334FB202-28D7-4BA4-8BC9-4FE4AB233EA0}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2837606) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B0D672F7-883E-4279-8E75-D97A5445AB46}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2878252) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B0DB9F71-E0F7-4FE6-8925-35B860CAC0C4}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2881028) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0407-0000-0000000FF1CE}_Office14.SingleImage_{EAD7BEF9-B28C-425F-B2C5-538CB27EF013}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2881028) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{C0BDC1DE-C35E-422B-8CBD-C1D555468720}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2881028) 32-Bit Edition (HKLM-x32\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{089DBFD7-8211-43B2-AAAE-5BDD8C23E3A8}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-001A-0407-0000-0000000FF1CE}_Office14.SingleImage_{A0657506-69DC-44AE-8DC1-58E7C6F5B1C9}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{2AB483F1-C86E-427A-83B4-23889B03512D}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{90140000-0018-0407-0000-0000000FF1CE}_Office14.SingleImage_{40EC8FB1-5202-469D-9232-C28FB1C6FC64}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{2BA40F82-F3A4-441C-BF1A-ED4C42FF4872}) (Version:  - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version:  - Microsoft)
Update for Microsoft Visio 2010 (KB2880526) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{7B29D8B8-6A87-496C-A65E-B935E740448A}) (Version:  - Microsoft)
Update for Microsoft Visio Viewer 2010 (KB2837587) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{38CF30E4-3348-4BD1-A859-B630C355A56F}) (Version:  - Microsoft)
Update for Microsoft Word 2010 (KB2880529) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B9B89E01-5B6B-4F73-BC34-B2C0D8ACB4CD}) (Version:  - Microsoft)
Windows Live Communications Platform (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live Family Safety (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live Family Safety (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4311.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live Messenger (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows-Treiberpaket - Nokia pccsmcfd LegacyDriver  (05/31/2012 7.1.2.0) (HKLM\...\62BBD193ADFDBB228C7E1ADB56463F5732FF7F6F) (Version: 05/31/2012 7.1.2.0 - Nokia)
WinPatrol (HKLM\...\{84481A87-2316-4923-8FAB-3BA8CA29323D}) (Version: 31.0.2014.0 - BillP Studios)
WinRAR 5.01 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)

==================== Restore Points  =========================

21-06-2014 14:50:05 Ende der Bereinigung
21-06-2014 15:06:31 Installed Java 8 Update 5 (64-bit)
24-06-2014 10:58:53 Windows Update
01-07-2014 11:48:44 Windows Update
08-07-2014 12:44:33 Windows Update
09-07-2014 13:00:51 Windows Update
16-07-2014 16:27:34 Windows Update
16-07-2014 16:31:07 Installed Java 8 Update 11 (64-bit)

==================== Hosts content: ==========================

2009-07-14 04:34 - 2013-06-10 22:45 - 00000027 ____A C:\windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {0FEEEA04-5676-445A-A8C5-A3B262C3676D} - System32\Tasks\{98A8DF74-175B-46BD-B27C-63F076F8CBC1} => C:\Users\smenz\Desktop\Downloads\chrome_installer._29.0.1547.62.exe
Task: {11BCC9FF-6624-48DD-A0A9-037105613877} - System32\Tasks\PandaUSBVaccine => C:\Program Files (x86)\Panda USB Vaccine\RunInteractiveWin.exe [2009-09-23] ()
Task: {1D2279FA-E30C-4583-B25F-D8871A93935D} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {6EE831A9-50B2-4E89-938F-C09D46ED9487} - System32\Tasks\Biokiste
Task: {73EDA546-2E35-4DFE-9DFE-323240375C74} - System32\Tasks\0 => Iexplore.exe  <==== ATTENTION
Task: {743DBCE6-710E-4116-9160-59116FF78576} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe
Task: {81496DCF-48B1-4D1B-A59B-2FC4684165F3} - System32\Tasks\4738 => Wscript.exe C:\Users\smenz\AppData\Local\Temp\launchie.vbs //B <==== ATTENTION
Task: {88934B5D-3A30-4964-A7AD-DCE10B1709D8} - System32\Tasks\{B72AFCD4-E9CC-42D5-9E1D-F4C58D94F474} => C:\Users\smenz\Desktop\Downloads\29.0.1547.62_chrome_installer.exe
Task: {A6C4A12D-F8BD-46DC-9D2C-9BF4D9C98EB0} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-10-19] (Google Inc.)
Task: {B7A8C558-1DAF-4343-8811-351E571DADB8} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\My Dell\sessionchecker.exe [2014-01-31] (PC-Doctor, Inc.)
Task: {C2A00A65-5F98-46E1-B0FB-ED6F70A8A0C5} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-10-19] (Google Inc.)
Task: {C6954E15-5EED-4EFE-95A4-FEFA870CBD6F} - System32\Tasks\{F281CD6B-FAB1-4399-B6BC-BA15860083ED} => Chrome.exe hxxp://ui.skype.com/ui/0/6.10.0.104/de/abandoninstall?source=lightinstaller&amp;page=tsPlugin
Task: {DB3B2A75-3AEB-44F9-85D7-8E3762D8F03C} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-06-24] (Piriform Ltd)
Task: {E62B8B67-FCF3-4289-BCF3-1DB775EA6E99} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2014-06-19] (Microsoft Corporation)
Task: {E915B3D3-B247-4A09-9A8D-B3CE418243A0} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-07-08] (Adobe Systems Incorporated)
Task: {F4030E34-1D21-44A0-8659-C82CB656DF86} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\My Dell\uaclauncher.exe [2014-01-31] (PC-Doctor, Inc.)
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2014-05-19 00:35 - 2014-05-20 09:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2012-07-04 17:21 - 2012-01-27 04:49 - 02751808 ____N () C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
2012-07-04 19:06 - 2011-03-26 03:28 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2014-06-18 16:21 - 2014-06-18 16:21 - 00703800 _____ () C:\Program Files (x86)\Emsisoft Anti-Malware\fw32.dll
2014-02-12 16:32 - 2014-02-12 16:32 - 00169472 _____ () C:\windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\3e27ac2000641918e7215d97c63e957d\IsdiInterop.ni.dll
2012-07-04 16:47 - 2011-01-13 00:56 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll
2014-06-18 22:09 - 2014-06-18 22:09 - 00316584 _____ () C:\Program Files\Microsoft Office 15\root\office15\AppVIsvStream32.dll
2014-07-17 13:25 - 2014-07-15 11:24 - 00718664 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\libglesv2.dll
2014-07-17 13:25 - 2014-07-15 11:24 - 00126280 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\libegl.dll
2014-07-17 13:25 - 2014-07-15 11:24 - 08537928 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\pdf.dll
2014-07-17 13:25 - 2014-07-15 11:24 - 00353096 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\ppGoogleNaClPluginChrome.dll
2014-07-17 13:25 - 2014-07-15 11:24 - 01732936 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\ffmpegsumo.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\ProgramData\Temp:5C321E34

==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== EXE Association (whitelisted) =============


==================== MSCONFIG/TASK MANAGER disabled items =========

MSCONFIG\startupfolder: C:^Users^smenz^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk => C:\windows\pss\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk.Startup
MSCONFIG\startupreg: AccuWeatherWidget => "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\start.umj" --startup
MSCONFIG\startupreg: AthBtTray => "C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AthBtTray.exe"
MSCONFIG\startupreg: AtherosBtStack => "C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe"
MSCONFIG\startupreg: Dell DataSafe Online => C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe
MSCONFIG\startupreg: Dell Webcam Central => "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
MSCONFIG\startupreg: DellStage => "C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\start.umj" --startup
MSCONFIG\startupreg: Desktop Disc Tool => "c:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe"
MSCONFIG\startupreg: NeroLauncher => C:\Program Files (x86)\Nero\SyncUP\NeroLauncher.exe 900
MSCONFIG\startupreg: RoxWatchTray => "c:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe"
MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: Stage Remote => C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe -Quiet

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (07/19/2014 09:38:50 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (07/19/2014 07:34:07 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (07/19/2014 07:33:53 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (07/19/2014 07:33:53 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (07/19/2014 07:33:08 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (07/19/2014 07:21:35 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/19/2014 10:24:40 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/18/2014 11:16:54 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (07/19/2014 07:20:01 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: 
UimBus
Uim_IM
Uim_VIM

Error: (07/19/2014 07:19:54 PM) (Source: Microsoft-Windows-BitLocker-Driver) (EventID: 24620) (User: NT-AUTORITÄT)
Description: Überprüfung des verschlüsselten Volumes: Die Volumeinformationen auf "\\?\Volume{9ed98651-c5e5-11e1-a61e-806e6f6e6963}" können nicht gelesen werden.

Error: (07/19/2014 10:23:08 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: 
UimBus
Uim_IM
Uim_VIM

Error: (07/19/2014 10:22:59 AM) (Source: Microsoft-Windows-BitLocker-Driver) (EventID: 24620) (User: NT-AUTORITÄT)
Description: Überprüfung des verschlüsselten Volumes: Die Volumeinformationen auf "\\?\Volume{9ed98651-c5e5-11e1-a61e-806e6f6e6963}" können nicht gelesen werden.

Error: (07/18/2014 11:15:23 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: 
UimBus
Uim_IM
Uim_VIM

Error: (07/18/2014 11:15:12 AM) (Source: Microsoft-Windows-BitLocker-Driver) (EventID: 24620) (User: NT-AUTORITÄT)
Description: Überprüfung des verschlüsselten Volumes: Die Volumeinformationen auf "\\?\Volume{9ed98651-c5e5-11e1-a61e-806e6f6e6963}" können nicht gelesen werden.


Microsoft Office Sessions:
=========================
Error: (07/19/2014 09:38:50 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe

Error: (07/19/2014 07:34:07 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\smenz\Desktop\Downloads\esetsmartinstaller_deu.exe

Error: (07/19/2014 07:33:53 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\smenz\Desktop\Downloads\esetsmartinstaller_deu.exe

Error: (07/19/2014 07:33:53 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\smenz\Desktop\Downloads\esetsmartinstaller_deu.exe

Error: (07/19/2014 07:33:08 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\smenz\Desktop\Downloads\esetsmartinstaller_deu.exe

Error: (07/19/2014 07:21:35 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/19/2014 10:24:40 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/18/2014 11:16:54 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


CodeIntegrity Errors:
===================================
  Date: 2014-07-19 19:19:48.713
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\hmpalert.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-07-19 10:22:54.820
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\hmpalert.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-07-18 11:15:07.120
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\hmpalert.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-07-17 22:04:27.087
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\hmpalert.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-07-17 13:28:46.151
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\hmpalert.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-07-17 13:05:31.260
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\hmpalert.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-07-16 18:51:52.287
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\hmpalert.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-07-16 18:22:35.151
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\hmpalert.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-07-15 16:22:47.855
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\hmpalert.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-07-15 11:37:16.933
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\hmpalert.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.


==================== Memory info =========================== 

Percentage of memory in use: 51%
Total physical RAM: 4004.27 MB
Available physical RAM: 1947.06 MB
Total Pagefile: 8006.73 MB
Available Pagefile: 5497.14 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:446.13 GB) (Free:390.78 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: C3D31F70)
Partition 1: (Not Active) - (Size=100 MB) - (Type=DE)
Partition 2: (Active) - (Size=20 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=446 GB) - (Type=07 NTFS)

==================== End Of Log =============

Ob ich noch Probleme habe, wird sich wohl in den nächsten 24-26 STD herausstellen. Sage dann Bescheid.

Einen guten Abend noch,

solonia

Alt 20.07.2014, 16:36   #10
schrauber
/// the machine
/// TB-Ausbilder
 
Malwarebythe hat 3 verdächtige Elemente gefunden!Gmx-account ständig mit spam trotz Filter! - Standard

Malwarebythe hat 3 verdächtige Elemente gefunden!Gmx-account ständig mit spam trotz Filter!


Revo Uninstaller - Download - Filepony
damit Chrome deinstallieren, keine Daten behalten, Reste entfernen lassen, neu installieren.

Dann:
https://support.google.com/chrome/answer/3296214?hl=de

Java updaten.

Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:
ATTFilter
C:\Users\smenz\AppData\Local\Google\Chrome\User Data\Default\External Extensions
C:\Users\smenz\AmazonMP3Downloader.exe
C:\Users\smenz\npAmazonMP3DownloaderPlugin101753.dll

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
  • Starte nun FRST erneut und klicke den Entfernen Button.
  • Das Tool erstellt eine Fixlog.txt.
  • Poste mir deren Inhalt.





Downloade Dir bitte TFC ( von Oldtimer ) und speichere die Datei auf dem Desktop.
Schließe nun alle offenen Programme und trenne Dich von dem Internet.
Doppelklick auf die TFC.exe und drücke auf Start.
Sollte TFC nicht alle Dateien löschen können wird es einen Neustart verlangen. Dies bitte zulassen.



Dann warte ich mal auf Rückmeldung.
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 20.07.2014, 19:20   #11
solonia
 
Malwarebythe hat 3 verdächtige Elemente gefunden!Gmx-account ständig mit spam trotz Filter! - Standard

Malwarebythe hat 3 verdächtige Elemente gefunden!Gmx-account ständig mit spam trotz Filter!


Lieber Schrauber,

FRAGEN ÜBER FRAGEN und Probleme beim Installieren von Google Chrome! Ich bin verunsichert und auch etwas genervt. Deshalb habe ich Chrome erneut mit dem Uninstaller entfernt und nochmal neu installiert.

0) Javas-Script upgedatet. Übrigens datet es trotz Einstellung auf automatisch update nicht! Wo liegt da der Fehler?

Vorweg: Wäre es nicht schlauer Firefox zu installieren? Anscheinend haben meine wiederkehrende Probleme mit Google Chrome zu tun?
Aber dann müßte ich die Sandboxie Einstellung ändern und ich weiss nicht wie, um im Firefox sicher mit der Sandboxie zu surfen!

1) Also, beim Öffnen des Google Chrome neu installiert treten folgende Probleme auf:

a) Google Chrome ist nicht mehr über mein Sandboxie Symbol zu öffnen.
Es erscheint Sandboxie Fenster: Fehler SBIE2314 Process abbrechen ieplorer.exe

b) beim Google chrome öffnen direkt über Google Chrome Button erscheint

als erstes erscheint Fenster von Chrome: "Profil konnte nicht ordnungsgemäß geöffnet werden. Möglicherweise stehen nicht alle Funktionen zur Verfügung."

Auf OKAY geklickt. Internet gibt dazu einen Grund an, eine Anleitungu, die aber nicht funktioniert hat.

als zweites erscheint Sandboxie-Fenster SBIE2314 - chmstp.exe, auch geschlossen

Jetzt frage ich mich, habe ich was beim deinstallieren und neu installieren falsch gemacht.

2)das habe ich konkret beim Deinstallieren und Neuinstallieren gemacht:

a)Revouninstaller installiert, Manual etwas gelesen

Google Chrome über erweiterte Uninstall-Modus deinstalliert.

b)Während der Deinstallation tauchte ein Fenster von Emsisoft auf: Programm versucht, einen Autostart Eintrag zu manipulieren:
C/Program Files(x86)/.. /Applications/36.0.1985/Installer/setup.exe

c)Werde gefragt, blockieren für immer, erlauben für einmal/immer und habe mich für Blockade immer entschieden! Hm, was das vielleicht der FEhler?

d) Computer neugestartet und Papierkorb gelöscht!

e) Chrome neu installiert
f) Wieder Popup Emsisoft Programm versucht, Autoeintrag zu manipulieren. C/user/smenz/AppData/Local/Temp/CR_8EB30.temp/setup.exe

immer erlauben angeklickt! Und die Probleme siehe oben sind da!

Ich habe den Eintrag unter Windows plus R noch nicht gemacht!

Was mache ich jetzt? Bin überfragt und hilflos! Freue mich über weitere Anweisungen!

3) Mit der Frage noch Probleme, wie stelle ich das am besten fest? Tipps ... surfen umfangreich? Malwarebyte laufen lassen, Emsisoft?

Vielen Dank für die Hilfe bisher und ich freu mich über weitere Hilfe! Bin irgendwie sehr unsicher, ob ich etwas falsch gemacht habe?

4) Habe Einstellungen von Chrome zurückgesetzt. Dann Chrome als Standardbrowser festgelegt.

Jetzt geht gar nichts mehr. Ich kann Chrome weder über die Sandbox noch über Google Chrome öffnen! Was ist jetzt los?

Update 20.48 Uhr: habe jetzt Computer neu gestartet. Und dann Google Chrome über Verknüpfung Untere Windowsleiste gestartet. Ging wieder. Aber wenn ich über Sandboxie starten will, geht es hinterher auch nicht mehr über Google Chrome direkt! Was ist das los und die Lesezeichen sind auch weiterhin dann wieder weg und die bekannten Fenster tauchen wieder auf. Dieses Mal nur das mit .. Profil kann nicht ordnungsgemäß geöffnet werden. Seltsam!



Bis bald,
solonia
Geändert von solonia (20.07.2014 um 19:48 Uhr)

Alt 21.07.2014, 10:50   #12
schrauber
/// the machine
/// TB-Ausbilder
 
Malwarebythe hat 3 verdächtige Elemente gefunden!Gmx-account ständig mit spam trotz Filter! - Standard

Malwarebythe hat 3 verdächtige Elemente gefunden!Gmx-account ständig mit spam trotz Filter!


Zitat:
0) Javas-Script upgedatet. Übrigens datet es trotz Einstellung auf automatisch update nicht! Wo liegt da der Fehler?

Vorweg: Wäre es nicht schlauer Firefox zu installieren? Anscheinend haben meine wiederkehrende Probleme mit Google Chrome zu tun?
Aber dann müßte ich die Sandboxie Einstellung ändern und ich weiss nicht wie, um im Firefox sicher mit der Sandboxie zu surfen!
Java Problem ansich. Chrome sollte aber danach tun. Firefox ist gleichwertig, mit Sandboxie kenn ich mich leider gar nicht aus.
Zitat:
c)Werde gefragt, blockieren für immer, erlauben für einmal/immer und habe mich für Blockade immer entschieden! Hm, was das vielleicht der FEhler?
Das war der Fehler
Deinstallier Chrome mit Revo, schalte Emsisoft kurz ab, 10 Minuten sollten reichen.
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 21.07.2014, 12:24   #13
solonia
 
Malwarebythe hat 3 verdächtige Elemente gefunden!Gmx-account ständig mit spam trotz Filter! - Standard

Malwarebythe hat 3 verdächtige Elemente gefunden!Gmx-account ständig mit spam trotz Filter!


Hallo lieber Schrauber!

Es klappt weiterhin nicht! Was mache ich bloß falsch!

Habe jetzt zweimal Chrome gelöscht und wieder installiert.

Also, ich habe Emsisoft deaktiviert! Chrome Google uninstalled mit Revo!

Währenddessen ging ein IE Fenster auf, Umfrage, warum ich Chrome nicht mehr will. Habe das einmal ausgefüllt und einmal ignoriert!

Dann sind die Dateien aufgepoppt bei Revo:

a) C/user/smenz/AppData/Local/Google/Chrome/UserData
und
b) c/user/smenz/AppData/Roaming/Microsoft/Internet Explorer/Quick Launch/Google/Chrome.InK

habe beide gelöscht! Richtig?Falsch? Und was soll Eintrag B???

Dann Chrome dieses Mal direkt bei Chrome runtergeladen! War kein Hinweis, ob das jetzt die 64bit Version ist für Windows 7! Spielt das vielleicht eine Rolle?

Währenddessen war Emsisoft deaktiviert!

Und wieder kommt die Meldung .. Profil konnte nicht ordnungsgemäß geöffnet werden!


Muss ich vielleicht zusätzlich winpatrol, spyblaster sowie Firewall bei der Installation auch deaktivierten? HitmanPro?

Zur Sicherheit habe ich trotzdem eine neues FRST Log erstellt:

a) Normal Log:


FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 19-07-2014
Ran by smenz (administrator) on NOTEBOOK-N5050 on 21-07-2014 13:08:49
Running from C:\Users\smenz\Desktop\Downloads
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(SurfRight B.V.) C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieSvc.exe
(Emsisoft GmbH) C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe
(Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AESTSr64.exe
(Atheros) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\Ath_CoexAgent.exe
(Atheros Commnucations) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AdminService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\psia.exe
(SoftThinks SAS) C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler64.exe
() C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
(Panda Security) C:\Program Files (x86)\Panda USB Vaccine\USBVaccine.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(FileHippo.com) C:\Program Files (x86)\FileHippo.com\UpdateChecker.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieCtrl.exe
(Ruiware LLC) C:\Program Files (x86)\Ruiware\WinPatrol\WinPatrol.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Emsisoft GmbH) C:\Program Files (x86)\Emsisoft Anti-Malware\a2guard.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\hidfind.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApntEx.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SandboxieRpcSs.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SandboxieCrypto.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [608112 2011-03-29] (Alps Electric Co., Ltd.)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1128448 2011-05-27] (IDT, Inc.)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [283160 2011-01-13] (Intel Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [emsisoft anti-malware] => c:\program files (x86)\emsisoft anti-malware\a2guard.exe [4841824 2014-07-09] (Emsisoft GmbH)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2732600908-1742709287-786376233-1000\...\Run: [FileHippo.com] => C:\Program Files (x86)\FileHippo.com\UpdateChecker.exe [307712 2012-11-23] (FileHippo.com)
HKU\S-1-5-21-2732600908-1742709287-786376233-1000\...\Run: [SandboxieControl] => C:\Program Files\Sandboxie\SbieCtrl.exe [784392 2014-05-29] (Sandboxie Holdings, LLC)
HKU\S-1-5-21-2732600908-1742709287-786376233-1000\...\Run: [WinPatrol] => C:\Program Files (x86)\Ruiware\WinPatrol\winpatrol.exe [1154112 2014-07-21] (Ruiware LLC)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
ShortcutTarget: Secunia PSI Tray.lnk -> C:\Program Files (x86)\Secunia\PSI\psi_tray.exe (Secunia)
Startup: C:\Users\smenz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk
ShortcutTarget: OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
ShellIconOverlayIdentifiers:  SkyDrive1 -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers:  SkyDrive2 -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers:  SkyDrive3 -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
ShellIconOverlayIdentifiers:  SkyDrivePro1 (ErrorConflict) -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers:  SkyDrivePro2 (SyncInProgress) -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers:  SkyDrivePro3 (InSync) -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32:  SkyDrive1 -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers-x32:  SkyDrive2 -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers-x32:  SkyDrive3 -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKLM-x32 - DefaultScope value is missing.
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre8\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre8\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
DPF: HKLM-x32 {6C269571-C6D7-4818-BCA4-32A035E8C884} hxxp://ccfiles.creative.com/Web/softwareupdate/su/ocx/15102/CTSUEng.cab
DPF: HKLM-x32 {D4B68B83-8710-488B-A692-D74B50BA558E} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
DPF: HKLM-x32 {F6ACF75C-C32C-447B-9BEF-46B766368D29} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/121022/CTPID.cab
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll No File
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll No File
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer - C:\windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()
FF Plugin: @java.com/DTPlugin,version=11.11.2 - C:\Program Files\Java\jre8\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.11.2 - C:\Program Files\Java\jre8\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.65.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.65.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nokia.com/EnablerPlugin - C:\Program Files (x86)\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll ( )
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: amazon.com/AmazonMP3DownloaderPlugin - C:\Users\smenz\npAmazonMP3DownloaderPlugin101753.dll (Amazon.com, Inc.)

==================== Services (Whitelisted) =================

R2 a2AntiMalware; C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe [4741384 2014-07-09] (Emsisoft GmbH)
R2 Atheros Bt&Wlan Coex Agent; C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\Ath_CoexAgent.exe [146592 2011-05-20] (Atheros) [File not signed]
R2 AtherosSvc; C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe [80032 2011-05-20] (Atheros Commnucations) [File not signed]
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2356408 2014-06-19] (Microsoft Corporation)
R2 hmpalertsvc; C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe [1876816 2014-07-18] (SurfRight B.V.)
R2 SbieSvc; C:\Program Files\Sandboxie\SbieSvc.exe [174088 2014-05-29] (Sandboxie Holdings, LLC)
R2 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1229528 2013-12-06] (Secunia)
S2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [662232 2013-12-06] (Secunia)
S4 McMPFSvc; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [X]

==================== Drivers (Whitelisted) ====================

R3 a2acc; C:\PROGRAM FILES (X86)\EMSISOFT ANTI-MALWARE\a2accx64.sys [71472 2014-05-12] (Emsisoft GmbH)
R1 A2DDA; C:\Program Files (x86)\Emsisoft Anti-Malware\a2ddax64.sys [26176 2013-03-28] (Emsisoft GmbH)
R1 a2injectiondriver; C:\Program Files (x86)\Emsisoft Anti-Malware\a2dix64.sys [45208 2013-09-30] (Emsisoft GmbH)
R1 a2util; C:\Program Files (x86)\Emsisoft Anti-Malware\a2util64.sys [23088 2014-05-12] (Emsisoft GmbH)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R3 cleanhlp; C:\Program Files (x86)\Emsisoft Anti-Malware\cleanhlp64.sys [57024 2013-12-04] (Emsisoft GmbH)
R2 hmpalert; C:\Windows\System32\drivers\hmpalert.sys [93144 2014-07-18] ()
R3 PSI; C:\Windows\System32\DRIVERS\psi_mf_amd64.sys [18456 2013-12-06] (Secunia)
R3 SbieDrv; C:\Program Files\Sandboxie\SbieDrv.sys [185352 2014-05-29] (Sandboxie Holdings, LLC)
S3 Serial; C:\Windows\system32\drivers\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)
S1 UimBus; C:\Windows\System32\DRIVERS\uimx64.sys [90960 2013-03-15] (Windows (R) 2000 DDK provider)
S1 Uim_IM; C:\Windows\System32\Drivers\Uim_IMx64.sys [633680 2013-03-15] (Paragon)
S1 Uim_VIM; C:\Windows\System32\Drivers\uim_vimx64.sys [390352 2013-03-15] (Paragon)
S3 PCDSRVC{D3412D80-CF3B4A27-06020200}_0; \??\c:\program files\my dell\pcdsrvc_x64.pkms [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-07-21 13:08 - 2014-07-21 13:08 - 00002249 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-07-21 13:08 - 2014-07-21 13:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-07-21 12:27 - 2014-07-21 12:27 - 00000000 ____D () C:\Program Files (x86)\Ruiware
2014-07-20 19:25 - 2014-07-20 19:25 - 00272808 _____ (Oracle Corporation) C:\windows\SysWOW64\javaws.exe
2014-07-20 19:25 - 2014-07-20 19:25 - 00175528 _____ (Oracle Corporation) C:\windows\SysWOW64\javaw.exe
2014-07-20 19:25 - 2014-07-20 19:25 - 00175528 _____ (Oracle Corporation) C:\windows\SysWOW64\java.exe
2014-07-20 19:25 - 2014-07-20 19:25 - 00098216 _____ (Oracle Corporation) C:\windows\SysWOW64\WindowsAccessBridge-32.dll
2014-07-20 19:25 - 2014-07-20 19:25 - 00000000 ____D () C:\Program Files (x86)\Java
2014-07-20 18:39 - 2014-07-20 18:40 - 00000000 ____D () C:\Users\smenz\Desktop\Usefuls PDF´s
2014-07-20 18:36 - 2014-07-20 18:36 - 00000000 ____D () C:\Users\smenz\AppData\Roaming\VSRevoGroup
2014-07-20 18:21 - 2014-07-20 18:21 - 00001266 _____ () C:\Users\smenz\Desktop\Revo Uninstaller.lnk
2014-07-20 18:21 - 2014-07-20 18:21 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-07-17 22:00 - 2014-07-17 22:03 - 00000000 ____D () C:\AdwCleaner
2014-07-17 17:44 - 2014-07-17 17:44 - 00025355 _____ () C:\ComboFix.txt
2014-07-17 17:27 - 2011-06-26 08:45 - 00256000 _____ () C:\windows\PEV.exe
2014-07-17 17:27 - 2010-11-07 19:20 - 00208896 _____ () C:\windows\MBR.exe
2014-07-17 17:27 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\windows\NIRCMD.exe
2014-07-17 17:27 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\windows\SWREG.exe
2014-07-17 17:27 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\windows\SWSC.exe
2014-07-17 17:27 - 2000-08-31 02:00 - 00098816 _____ () C:\windows\sed.exe
2014-07-17 17:27 - 2000-08-31 02:00 - 00080412 _____ () C:\windows\grep.exe
2014-07-17 17:27 - 2000-08-31 02:00 - 00068096 _____ () C:\windows\zip.exe
2014-07-17 17:25 - 2014-07-17 17:45 - 00000000 ____D () C:\Qoobox
2014-07-17 13:05 - 2014-07-21 12:48 - 00002594 _____ () C:\windows\PFRO.log
2014-07-16 19:56 - 2014-07-21 13:08 - 00000000 ____D () C:\FRST
2014-07-16 18:32 - 2014-07-16 18:31 - 00321448 _____ (Oracle Corporation) C:\windows\system32\javaws.exe
2014-07-15 09:09 - 2014-07-21 12:48 - 00001064 _____ () C:\windows\setupact.log
2014-07-15 09:09 - 2014-07-15 09:09 - 00000000 _____ () C:\windows\setuperr.log
2014-07-09 11:14 - 2014-06-30 04:09 - 00519168 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll
2014-07-09 11:14 - 2014-06-30 04:04 - 00424448 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2014-07-09 11:14 - 2014-06-18 04:18 - 00692736 _____ (Microsoft Corporation) C:\windows\system32\osk.exe
2014-07-09 11:14 - 2014-06-18 03:51 - 00646144 _____ (Microsoft Corporation) C:\windows\SysWOW64\osk.exe
2014-07-09 11:14 - 2014-06-18 03:10 - 03157504 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2014-07-09 11:14 - 2014-06-06 12:10 - 00624128 _____ (Microsoft Corporation) C:\windows\system32\qedit.dll
2014-07-09 11:14 - 2014-06-06 11:44 - 00509440 _____ (Microsoft Corporation) C:\windows\SysWOW64\qedit.dll
2014-07-09 11:14 - 2014-05-30 08:45 - 00497152 _____ (Microsoft Corporation) C:\windows\system32\Drivers\afd.sys
2014-07-09 11:13 - 2014-06-20 22:14 - 00266424 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2014-07-09 11:13 - 2014-06-20 21:39 - 00240824 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2014-07-09 11:13 - 2014-06-19 03:39 - 23464448 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-07-09 11:13 - 2014-06-19 03:06 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-07-09 11:13 - 2014-06-19 03:06 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2014-07-09 11:13 - 2014-06-19 02:48 - 02768384 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-07-09 11:13 - 2014-06-19 02:42 - 00548352 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2014-07-09 11:13 - 2014-06-19 02:42 - 00066048 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2014-07-09 11:13 - 2014-06-19 02:41 - 00083968 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2014-07-09 11:13 - 2014-06-19 02:41 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2014-07-09 11:13 - 2014-06-19 02:32 - 00051200 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2014-07-09 11:13 - 2014-06-19 02:31 - 00033792 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2014-07-09 11:13 - 2014-06-19 02:26 - 00598016 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2014-07-09 11:13 - 2014-06-19 02:24 - 00139264 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2014-07-09 11:13 - 2014-06-19 02:24 - 00111616 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2014-07-09 11:13 - 2014-06-19 02:23 - 00752640 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2014-07-09 11:13 - 2014-06-19 02:16 - 17276416 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2014-07-09 11:13 - 2014-06-19 02:14 - 00940032 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2014-07-09 11:13 - 2014-06-19 02:09 - 00452608 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2014-07-09 11:13 - 2014-06-19 01:59 - 00038400 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2014-07-09 11:13 - 2014-06-19 01:56 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2014-07-09 11:13 - 2014-06-19 01:53 - 00195584 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2014-07-09 11:13 - 2014-06-19 01:51 - 05721088 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2014-07-09 11:13 - 2014-06-19 01:50 - 00085504 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2014-07-09 11:13 - 2014-06-19 01:48 - 00292864 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2014-07-09 11:13 - 2014-06-19 01:39 - 00608768 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2014-07-09 11:13 - 2014-06-19 01:38 - 00455168 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2014-07-09 11:13 - 2014-06-19 01:37 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2014-07-09 11:13 - 2014-06-19 01:36 - 00051200 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2014-07-09 11:13 - 2014-06-19 01:35 - 00062464 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll
2014-07-09 11:13 - 2014-06-19 01:33 - 00631808 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-07-09 11:13 - 2014-06-19 01:32 - 02179072 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2014-07-09 11:13 - 2014-06-19 01:28 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2014-07-09 11:13 - 2014-06-19 01:28 - 00032768 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2014-07-09 11:13 - 2014-06-19 01:27 - 02040832 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2014-07-09 11:13 - 2014-06-19 01:27 - 01249280 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2014-07-09 11:13 - 2014-06-19 01:25 - 00442368 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2014-07-09 11:13 - 2014-06-19 01:23 - 00112128 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2014-07-09 11:13 - 2014-06-19 01:22 - 00592896 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2014-07-09 11:13 - 2014-06-19 01:12 - 00367616 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2014-07-09 11:13 - 2014-06-19 01:06 - 00032256 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-07-09 11:13 - 2014-06-19 01:01 - 00164864 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2014-07-09 11:13 - 2014-06-19 00:59 - 00069632 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2014-07-09 11:13 - 2014-06-19 00:58 - 02266112 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-07-09 11:13 - 2014-06-19 00:58 - 00239616 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2014-07-09 11:13 - 2014-06-19 00:52 - 04254720 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2014-07-09 11:13 - 2014-06-19 00:51 - 13527040 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-07-09 11:13 - 2014-06-19 00:49 - 00526336 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2014-07-09 11:13 - 2014-06-19 00:46 - 01068032 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll
2014-07-09 11:13 - 2014-06-19 00:45 - 01964544 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2014-07-09 11:13 - 2014-06-19 00:35 - 11742208 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2014-07-09 11:13 - 2014-06-19 00:34 - 01393664 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2014-07-09 11:13 - 2014-06-19 00:15 - 00846336 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2014-07-09 11:13 - 2014-06-19 00:13 - 01791488 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2014-07-09 11:13 - 2014-06-19 00:09 - 01139200 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2014-07-09 11:13 - 2014-06-19 00:07 - 00704512 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2014-07-09 11:13 - 2014-05-30 10:08 - 00728064 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll
2014-07-09 11:13 - 2014-05-30 10:08 - 00340992 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll
2014-07-09 11:13 - 2014-05-30 10:08 - 00314880 _____ (Microsoft Corporation) C:\windows\system32\msv1_0.dll
2014-07-09 11:13 - 2014-05-30 10:08 - 00307200 _____ (Microsoft Corporation) C:\windows\system32\ncrypt.dll
2014-07-09 11:13 - 2014-05-30 10:08 - 00210944 _____ (Microsoft Corporation) C:\windows\system32\wdigest.dll
2014-07-09 11:13 - 2014-05-30 10:08 - 00086528 _____ (Microsoft Corporation) C:\windows\system32\TSpkg.dll
2014-07-09 11:13 - 2014-05-30 10:08 - 00022016 _____ (Microsoft Corporation) C:\windows\system32\credssp.dll
2014-07-09 11:13 - 2014-05-30 09:52 - 00550912 _____ (Microsoft Corporation) C:\windows\SysWOW64\kerberos.dll
2014-07-09 11:13 - 2014-05-30 09:52 - 00259584 _____ (Microsoft Corporation) C:\windows\SysWOW64\msv1_0.dll
2014-07-09 11:13 - 2014-05-30 09:52 - 00247808 _____ (Microsoft Corporation) C:\windows\SysWOW64\schannel.dll
2014-07-09 11:13 - 2014-05-30 09:52 - 00220160 _____ (Microsoft Corporation) C:\windows\SysWOW64\ncrypt.dll
2014-07-09 11:13 - 2014-05-30 09:52 - 00172032 _____ (Microsoft Corporation) C:\windows\SysWOW64\wdigest.dll
2014-07-09 11:13 - 2014-05-30 09:52 - 00065536 _____ (Microsoft Corporation) C:\windows\SysWOW64\TSpkg.dll
2014-07-09 11:13 - 2014-05-30 09:52 - 00017408 _____ (Microsoft Corporation) C:\windows\SysWOW64\credssp.dll
2014-07-09 11:12 - 2014-06-05 16:45 - 01460736 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
2014-07-09 11:12 - 2014-06-05 16:26 - 00022016 _____ (Microsoft Corporation) C:\windows\SysWOW64\secur32.dll
2014-07-09 11:12 - 2014-06-05 16:25 - 00096768 _____ (Microsoft Corporation) C:\windows\SysWOW64\sspicli.dll
2014-07-03 15:37 - 2014-07-21 12:49 - 00000000 ____D () C:\windows\CryptoGuard
2014-07-03 15:37 - 2014-07-19 10:22 - 00000000 ____D () C:\Program Files (x86)\HitmanPro.Alert
2014-07-03 15:37 - 2014-07-18 11:23 - 00548424 _____ (SurfRight) C:\windows\system32\hmpalert.dll
2014-07-03 15:37 - 2014-07-18 11:23 - 00477008 _____ (SurfRight) C:\windows\SysWOW64\hmpalert.dll
2014-07-03 15:37 - 2014-07-18 11:23 - 00093144 _____ () C:\windows\system32\Drivers\hmpalert.sys
2014-07-03 15:37 - 2014-07-03 15:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro.Alert
2014-07-03 15:37 - 2014-07-03 15:37 - 00000000 ____D () C:\ProgramData\HitmanPro.Alert
2014-06-21 21:16 - 2014-07-17 23:51 - 00000000 ____D () C:\Program Files (x86)\SpywareBlaster
2014-06-21 21:16 - 2014-06-21 21:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpywareBlaster
2014-06-21 21:16 - 2014-06-21 21:16 - 00000000 ____D () C:\ProgramData\Licenses
2014-06-21 21:16 - 2009-03-24 12:52 - 00129872 _____ (Microsoft Corporation) C:\windows\SysWOW64\MSSTDFMT.DLL
2014-06-21 16:49 - 2014-06-21 16:50 - 00001691 _____ () C:\DelFix.txt

==================== One Month Modified Files and Folders =======

2014-07-21 13:08 - 2014-07-21 13:08 - 00002249 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-07-21 13:08 - 2014-07-21 13:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-07-21 13:08 - 2014-07-16 19:56 - 00000000 ____D () C:\FRST
2014-07-21 13:08 - 2012-10-19 15:42 - 00000000 ____D () C:\Program Files (x86)\Google
2014-07-21 12:56 - 2009-07-14 06:45 - 00020720 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-07-21 12:56 - 2009-07-14 06:45 - 00020720 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-07-21 12:54 - 2013-06-12 23:38 - 00000000 ____D () C:\Program Files (x86)\Emsisoft Anti-Malware
2014-07-21 12:52 - 2012-07-04 16:43 - 01430074 _____ () C:\windows\WindowsUpdate.log
2014-07-21 12:49 - 2014-07-03 15:37 - 00000000 ____D () C:\windows\CryptoGuard
2014-07-21 12:48 - 2014-07-17 13:05 - 00002594 _____ () C:\windows\PFRO.log
2014-07-21 12:48 - 2014-07-15 09:09 - 00001064 _____ () C:\windows\setupact.log
2014-07-21 12:48 - 2012-10-19 15:42 - 00001104 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-07-21 12:48 - 2012-07-04 17:32 - 00000000 ____D () C:\Users\Default\AppData\Local\SoftThinks
2014-07-21 12:48 - 2012-07-04 17:32 - 00000000 ____D () C:\Users\Default User\AppData\Local\SoftThinks
2014-07-21 12:48 - 2012-07-04 17:21 - 00000000 ____D () C:\Program Files (x86)\Dell DataSafe Local Backup
2014-07-21 12:48 - 2009-07-14 07:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-07-21 12:27 - 2014-07-21 12:27 - 00000000 ____D () C:\Program Files (x86)\Ruiware
2014-07-21 12:27 - 2014-06-20 16:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPatrol
2014-07-21 12:27 - 2014-06-20 16:03 - 00000000 ____D () C:\ProgramData\InstallMate
2014-07-21 10:49 - 2012-10-19 15:42 - 00001108 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-07-20 23:19 - 2014-02-21 20:01 - 00000884 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2014-07-20 22:34 - 2013-06-13 17:13 - 00004668 _____ () C:\windows\Sandboxie.ini
2014-07-20 21:32 - 2013-06-13 16:03 - 00000000 ____D () C:\Users\smenz\AppData\Roaming\Skype
2014-07-20 19:28 - 2012-10-19 17:47 - 00000000 ____D () C:\Users\smenz\AppData\Local\CrashDumps
2014-07-20 19:26 - 2013-12-25 09:57 - 00000000 ____D () C:\ProgramData\Oracle
2014-07-20 19:25 - 2014-07-20 19:25 - 00272808 _____ (Oracle Corporation) C:\windows\SysWOW64\javaws.exe
2014-07-20 19:25 - 2014-07-20 19:25 - 00175528 _____ (Oracle Corporation) C:\windows\SysWOW64\javaw.exe
2014-07-20 19:25 - 2014-07-20 19:25 - 00175528 _____ (Oracle Corporation) C:\windows\SysWOW64\java.exe
2014-07-20 19:25 - 2014-07-20 19:25 - 00098216 _____ (Oracle Corporation) C:\windows\SysWOW64\WindowsAccessBridge-32.dll
2014-07-20 19:25 - 2014-07-20 19:25 - 00000000 ____D () C:\Program Files (x86)\Java
2014-07-20 18:40 - 2014-07-20 18:39 - 00000000 ____D () C:\Users\smenz\Desktop\Usefuls PDF´s
2014-07-20 18:36 - 2014-07-20 18:36 - 00000000 ____D () C:\Users\smenz\AppData\Roaming\VSRevoGroup
2014-07-20 18:23 - 2012-12-06 20:05 - 00000000 ____D () C:\Users\smenz\Documents\Booksmarks
2014-07-20 18:21 - 2014-07-20 18:21 - 00001266 _____ () C:\Users\smenz\Desktop\Revo Uninstaller.lnk
2014-07-20 18:21 - 2014-07-20 18:21 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-07-19 19:33 - 2012-07-04 19:31 - 00699666 _____ () C:\windows\system32\perfh007.dat
2014-07-19 19:33 - 2012-07-04 19:31 - 00149774 _____ () C:\windows\system32\perfc007.dat
2014-07-19 19:33 - 2009-07-14 07:13 - 01620612 _____ () C:\windows\system32\PerfStringBackup.INI
2014-07-19 10:22 - 2014-07-03 15:37 - 00000000 ____D () C:\Program Files (x86)\HitmanPro.Alert
2014-07-18 11:23 - 2014-07-03 15:37 - 00548424 _____ (SurfRight) C:\windows\system32\hmpalert.dll
2014-07-18 11:23 - 2014-07-03 15:37 - 00477008 _____ (SurfRight) C:\windows\SysWOW64\hmpalert.dll
2014-07-18 11:23 - 2014-07-03 15:37 - 00093144 _____ () C:\windows\system32\Drivers\hmpalert.sys
2014-07-17 23:51 - 2014-06-21 21:16 - 00000000 ____D () C:\Program Files (x86)\SpywareBlaster
2014-07-17 23:51 - 2012-07-04 16:56 - 00000000 ____D () C:\ProgramData\Temp
2014-07-17 23:40 - 2014-06-11 15:29 - 00122584 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2014-07-17 22:03 - 2014-07-17 22:00 - 00000000 ____D () C:\AdwCleaner
2014-07-17 17:45 - 2014-07-17 17:25 - 00000000 ____D () C:\Qoobox
2014-07-17 17:44 - 2014-07-17 17:44 - 00025355 _____ () C:\ComboFix.txt
2014-07-17 17:39 - 2009-07-14 04:34 - 00000215 _____ () C:\windows\system.ini
2014-07-16 18:51 - 2009-07-14 05:20 - 00000000 ____D () C:\windows\Speech
2014-07-16 18:31 - 2014-07-16 18:32 - 00321448 _____ (Oracle Corporation) C:\windows\system32\javaws.exe
2014-07-16 18:31 - 2014-06-20 14:55 - 00191400 _____ (Oracle Corporation) C:\windows\system32\javaw.exe
2014-07-16 18:31 - 2014-06-20 14:55 - 00190888 _____ (Oracle Corporation) C:\windows\system32\java.exe
2014-07-16 18:31 - 2014-06-20 14:55 - 00111016 _____ (Oracle Corporation) C:\windows\system32\WindowsAccessBridge-64.dll
2014-07-16 18:31 - 2014-01-24 11:42 - 00000000 ____D () C:\Program Files\Java
2014-07-15 20:41 - 2012-10-20 20:53 - 00000000 ____D () C:\Users\smenz\Documents\My Kindle Content
2014-07-15 09:09 - 2014-07-15 09:09 - 00000000 _____ () C:\windows\setuperr.log
2014-07-13 17:07 - 2014-04-06 19:24 - 00077414 _____ () C:\Users\smenz\Desktop\Übersicht Prozessarbeit 2.xlsx
2014-07-12 18:40 - 2012-11-29 22:16 - 00000000 ____D () C:\Users\smenz\Documents\ELLA
2014-07-12 18:25 - 2012-10-19 17:43 - 00000000 ____D () C:\Users\smenz\Documents\OneNote-Notizbücher
2014-07-12 12:45 - 2013-05-23 14:08 - 00000000 ____D () C:\Program Files\My Dell
2014-07-12 10:05 - 2013-05-23 14:09 - 00003440 _____ () C:\windows\System32\Tasks\PCDEventLauncherTask
2014-07-10 16:20 - 2012-10-19 18:36 - 00000000 ____D () C:\Users\smenz\AppData\Local\Microsoft Games
2014-07-10 13:32 - 2012-07-04 17:15 - 00000000 ____D () C:\ProgramData\Skype
2014-07-10 13:08 - 2014-05-19 00:35 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2014-07-09 17:00 - 2009-07-14 05:20 - 00000000 ____D () C:\windows\rescache
2014-07-09 15:25 - 2009-07-14 06:45 - 00492792 _____ () C:\windows\system32\FNTCACHE.DAT
2014-07-09 15:23 - 2014-05-07 02:27 - 00000000 ___SD () C:\windows\system32\CompatTel
2014-07-09 15:23 - 2012-07-04 19:34 - 00000000 ____D () C:\Program Files\Windows Journal
2014-07-09 15:23 - 2009-07-14 05:20 - 00000000 ____D () C:\windows\SysWOW64\Dism
2014-07-09 15:23 - 2009-07-14 05:20 - 00000000 ____D () C:\windows\system32\Dism
2014-07-09 15:12 - 2012-10-19 17:33 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-07-09 15:10 - 2013-08-15 21:53 - 00000000 ____D () C:\windows\system32\MRT
2014-07-09 15:04 - 2012-10-24 13:56 - 96441528 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2014-07-08 21:19 - 2014-02-21 20:01 - 00003822 _____ () C:\windows\System32\Tasks\Adobe Flash Player Updater
2014-07-08 21:19 - 2013-06-11 14:08 - 00699056 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2014-07-08 21:19 - 2013-06-11 14:08 - 00071344 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-07-04 09:42 - 2013-12-28 21:30 - 00469383 _____ () C:\Users\smenz\Desktop\Budget 2014.xlsx
2014-07-03 15:37 - 2014-07-03 15:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro.Alert
2014-07-03 15:37 - 2014-07-03 15:37 - 00000000 ____D () C:\ProgramData\HitmanPro.Alert
2014-07-03 00:08 - 2014-05-31 19:53 - 00001104 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 9.lnk
2014-07-01 18:58 - 2012-10-19 13:19 - 00000000 ___RD () C:\Users\smenz\Eigene Bilder
2014-06-30 04:09 - 2014-07-09 11:14 - 00519168 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll
2014-06-30 04:04 - 2014-07-09 11:14 - 00424448 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2014-06-29 13:04 - 2013-07-02 18:12 - 00023731 _____ () C:\Users\smenz\Desktop\Books Releases.xlsx
2014-06-26 14:51 - 2013-06-17 16:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-06-26 14:51 - 2013-06-17 16:48 - 00000000 ____D () C:\Program Files\CCleaner
2014-06-25 18:43 - 2012-10-19 15:42 - 00004104 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-06-25 18:43 - 2012-10-19 15:42 - 00003852 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-06-24 11:24 - 2012-07-04 19:34 - 00000000 ___RD () C:\Users\Public\Recorded TV
2014-06-22 20:06 - 2013-05-08 13:43 - 00000000 ____D () C:\Users\smenz\AppData\Local\Windows Live
2014-06-21 21:16 - 2014-06-21 21:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpywareBlaster
2014-06-21 21:16 - 2014-06-21 21:16 - 00000000 ____D () C:\ProgramData\Licenses
2014-06-21 16:50 - 2014-06-21 16:49 - 00001691 _____ () C:\DelFix.txt
2014-06-21 16:49 - 2014-06-17 15:16 - 00000000 ____D () C:\windows\ERUNT
2014-06-21 15:28 - 2012-07-04 16:57 - 00000000 ____D () C:\Program Files (x86)\Dell
2014-06-21 15:28 - 2012-07-04 16:52 - 00000000 ____D () C:\ProgramData\Dell
2014-06-21 15:19 - 2012-07-04 17:16 - 00000000 ____D () C:\ProgramData\WildTangent
2014-06-21 15:19 - 2009-07-14 07:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games

Files to move or delete:
====================
C:\Users\smenz\AmazonMP3Downloader.exe
C:\Users\smenz\npAmazonMP3DownloaderPlugin101753.dll


Some content of TEMP:
====================
C:\Users\smenz\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-07-18 14:21

==================== End Of Log ============================
--- --- ---
[/CODE]

b) Addition Log:

Code:
ATTFilter
   Additional scan result of Farbar Recovery Scan Tool (x64) Version: 19-07-2014
Ran by smenz at 2014-07-21 13:10:21
Running from C:\Users\smenz\Desktop\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Emsisoft Anti-Malware (Enabled - Up to date) {8504DEEF-CC04-1F76-2137-F1A5F4A659DA}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Emsisoft Anti-Malware (Enabled - Up to date) {3E653F0B-EA3E-10F8-1B87-CAD78F211367}

==================== Installed Programs ======================

Adobe Flash Player 14 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.07) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated)
Advanced Audio FX Engine (HKLM-x32\...\Advanced Audio FX Engine) (Version: 1.12.05 - Creative Technology Ltd)
Amazon Kindle (HKCU\...\Amazon Kindle) (Version:  - Amazon)
Amazon MP3-Downloader 1.0.17 (HKLM-x32\...\Amazon MP3-Downloader) (Version: 1.0.17 - Amazon Services LLC)
Bluetooth Win7 Suite (64) (HKLM\...\{230D1595-57DA-4933-8C4E-375797EBB7E1}) (Version: 7.2.0.83 - Atheros Communications)
CCleaner (HKLM\...\CCleaner) (Version: 4.15 - Piriform)
CrystalDiskMark 3.0.3b (HKLM\...\CrystalDiskMark_is1) (Version: 3.0.3b - Crystal Dew World)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{5C78021E-3C8E-4EDF-97EA-E9B8D808FD6D}) (Version:  - Microsoft)
Dell DataSafe Local Backup - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 9.4.67 - Dell Inc.)
Dell DataSafe Local Backup (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 9.4.67 - Dell Inc.)
Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)
Dell Getting Started Guide (HKLM-x32\...\{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}) (Version: 1.00.0000 - Dell Inc.)
Dell MusicStage (HKLM-x32\...\{3E90B7F4-1817-4405-B4A5-E4EA5EC0E2B3}) (Version: 1.6.225.0 - Fingertapps)
Dell PhotoStage (HKLM-x32\...\{E4335E82-17B3-460F-9E70-39D9BC269DB3}) (Version: 1.5.0.130 - ArcSoft)
Dell Stage (HKLM-x32\...\{E2F57269-065E-4B19-8CDA-AB6C401FAF1A}) (Version: 1.7.209.0 - Fingertapps)
Dell Stage Remote (HKLM-x32\...\{AF4D3C63-009B-4A17-B02E-D395065DD3F0}) (Version: 2.0.0.43 - ArcSoft)
Dell Touchpad (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 7.1207.101.225 - ALPS ELECTRIC CO., LTD.)
Dell Webcam Central (HKLM-x32\...\Dell Webcam Central) (Version: 2.01.17 - Creative Technology Ltd)
Dell WLAN and Bluetooth Client Installation (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 9.0 - Dell Inc.)
DirectX 9 Runtime (x32 Version: 1.00.0000 - Sonic Solutions) Hidden
Emsisoft Anti-Malware (HKLM-x32\...\{BC30E5E7-047D-4232-A7E8-F2CB7CC7B2E0}_is1) (Version: 7.0 - Emsisoft GmbH)
FileHippo.com Update Checker (HKLM-x32\...\FileHippo.com) (Version:  - )
Fotogalerie (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
FreeCommander XE (HKLM-x32\...\FreeCommander XE_is1) (Version: Preview - Marek Jasinski)
FreeMind (HKLM-x32\...\B991B020-2968-11D8-AF23-444553540000_is1) (Version: 1.0.0 - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 36.0.1985.125 - Google Inc.)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
HitmanPro.Alert (HKLM\...\HitmanPro.Alert) (Version: 2.6.5.77 - SurfRight B.V.)
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2342 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.1.2.1004 - Intel Corporation)
Java 7 Update 55 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417055FF}) (Version: 7.0.550 - Oracle)
Java 7 Update 65 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217065FF}) (Version: 7.0.650 - Oracle)
Java 8 Update 11 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418011FF}) (Version: 8.0.110 - Oracle Corporation)
Java Auto Updater (x32 Version: 2.8.11.12 - Oracle, Inc.) Hidden
Junk Mail filter update (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office Access MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook Connector (HKLM-x32\...\{95140000-007A-0407-0000-0000000FF1CE}) (Version: 14.0.5118.5000 - Microsoft Corporation)
Microsoft Office Outlook Connector (HKLM-x32\...\{95140000-007A-0409-0000-0000000FF1CE}) (Version: 14.0.5118.5000 - Microsoft Corporation)
Microsoft Office Outlook MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Single Image 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft OneDrive (HKCU\...\OneDriveSetup.exe) (Version: 17.0.4041.0512 - Microsoft Corporation)
Microsoft OneNote 2013 - de-de (HKLM\...\OneNoteFreeRetail - de-de) (Version: 15.0.4631.1002 - Microsoft Corporation)
Microsoft Outlook Social Connector Provider for Windows Live Messenger 32-bit (HKLM-x32\...\{95140000-007D-0409-0000-0000000FF1CE}) (Version: 14.0.5120.5000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{820B6609-4C97-3A2B-B644-573B06A0F0CC}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft_VC100_CRT_SP1_x64 (Version: 10.0.40219.1 - Nokia) Hidden
Microsoft_VC100_CRT_SP1_x86 (x32 Version: 10.0.40219.1 - Nokia) Hidden
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
MSVC80_x64_v2 (Version: 1.0.3.0 - Nokia) Hidden
MSVC80_x86_v2 (x32 Version: 1.0.3.0 - Nokia) Hidden
MSVC90_x64 (Version: 1.0.1.2 - Nokia) Hidden
MSVC90_x86 (x32 Version: 1.0.1.2 - Nokia) Hidden
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden
MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
My Dell (HKLM\...\PC-Doctor for Windows) (Version: 3.5.6426.22 - PC-Doctor, Inc.)
Nero 10 Movie ThemePack Basic (x32 Version: 10.6.10000.1.0 - Nero AG) Hidden
Nero Blu-ray Player (x32 Version: 12.0.20012 - Nero AG) Hidden
Nero Control Center 10 (x32 Version: 10.6.13000.0.11 - Nero AG) Hidden
Nero ControlCenter 10 Help (CHM) (x32 Version: 10.2.10800 - Nero AG) Hidden
Nero Core Components 10 (x32 Version: 2.0.20500.9.16 - Nero AG) Hidden
Nero Update (x32 Version: 11.0.11500.28.0 - Nero AG) Hidden
Nokia Connectivity Cable Driver (HKLM-x32\...\{29373274-977E-413C-A4DE-DC0F8E80C429}) (Version: 7.1.172.0 - Nokia)
Nokia Suite (HKLM-x32\...\Nokia Suite) (Version: 3.8.48.0 - Nokia)
Nokia Suite (x32 Version: 3.8.48.0 - Nokia) Hidden
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4631.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4631.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4631.1002 - Microsoft Corporation) Hidden
Panda USB Vaccine 1.0.1.4 (HKLM-x32\...\{55A41219-9B22-4098-BAE7-AE289B3C569A}_is1) (Version:  - Panda Security)
PC Connectivity Solution (HKLM-x32\...\{6D01D1B1-17BD-4F10-BB11-F08F0C47D42B}) (Version: 12.0.109.0 - Nokia)
Photo Gallery (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
PhotoShowExpress (x32 Version: 2.0.063 - Sonic Solutions) Hidden
Quickset64 (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 10.09.25 - Dell Inc.)
RBVirtualFolder64Inst (Version: 1.00.0000 - Roxio, Inc.) Hidden
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.45.516.2011 - Realtek)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30126 - Realtek Semiconductor Corp.)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Roxio Activation Module (x32 Version: 1.0 - Roxio) Hidden
Roxio BackOnTrack (x32 Version: 1.3.3 - Roxio) Hidden
Roxio Burn (x32 Version: 1.8 - Roxio) Hidden
Roxio Creator Starter (x32 Version: 1.0.439 - Roxio) Hidden
Roxio Express Labeler 3 (x32 Version: 3.2.2 - Roxio) Hidden
Roxio File Backup (Version: 1.3.2 - Roxio) Hidden
Sandboxie 4.12 (64-bit) (HKLM\...\Sandboxie) (Version: 4.12 - Sandboxie Holdings, LLC)
Secunia PSI (3.0.0.9016) (HKLM-x32\...\Secunia PSI) (Version: 3.0.0.9016 - Secunia)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (x32 Version:  - Microsoft) Hidden
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Similarity 1.8.1 (HKLM-x32\...\{6AF7A3DF-581E-4AB7-ACAF-2051FF7E8ACF}) (Version: 1.8.1626 - GAR Software)
Skype™ 6.18 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.18.105 - Skype Technologies S.A.)
Sonic CinePlayer Decoder Pack (x32 Version: 4.3.0 - Sonic Solutions) Hidden
SpywareBlaster 5.0 (HKLM-x32\...\SpywareBlaster_is1) (Version: 5.0.0 - BrightFort LLC)
SyncUP (HKLM-x32\...\{D92C9CCE-E5F0-4125-977A-0590F3225B74}) (Version: 10.2.16500 - Nero AG)
SyncUP (x32 Version: 1.12.12400.17.102 - Nero AG) Hidden
TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.29480 - TeamViewer)
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B4A38370-2ADB-46B0-A1B0-0C4A2F7DCA31}) (Version:  - Microsoft)
Update for Microsoft Excel 2010 (KB2837600) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{4ACD847E-547D-493F-9A86-F73EAE1B5174}) (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version:  - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{4EEA3D3E-989C-4DF4-AB0A-3042C0C12AA3}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DADF7E25-FFA4-4D02-BE84-1DAE62C18516}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{287A1E92-9E41-4BC1-8920-B3D0E9220800}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{9D69691D-823D-4C3E-9B12-563A3F520366}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{35698CB7-AAA2-4577-B505-DBFF504AEF23}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{5AA578BB-759C-40FD-9661-A737C0884541}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2825635) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{F1A20C69-9FE5-40FD-9CD5-84EABC2EF64A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2837581) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{334FB202-28D7-4BA4-8BC9-4FE4AB233EA0}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2837606) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B0D672F7-883E-4279-8E75-D97A5445AB46}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2878252) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B0DB9F71-E0F7-4FE6-8925-35B860CAC0C4}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2881028) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0407-0000-0000000FF1CE}_Office14.SingleImage_{EAD7BEF9-B28C-425F-B2C5-538CB27EF013}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2881028) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{C0BDC1DE-C35E-422B-8CBD-C1D555468720}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2881028) 32-Bit Edition (HKLM-x32\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{089DBFD7-8211-43B2-AAAE-5BDD8C23E3A8}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-001A-0407-0000-0000000FF1CE}_Office14.SingleImage_{A0657506-69DC-44AE-8DC1-58E7C6F5B1C9}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{2AB483F1-C86E-427A-83B4-23889B03512D}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{90140000-0018-0407-0000-0000000FF1CE}_Office14.SingleImage_{40EC8FB1-5202-469D-9232-C28FB1C6FC64}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{2BA40F82-F3A4-441C-BF1A-ED4C42FF4872}) (Version:  - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version:  - Microsoft)
Update for Microsoft Visio 2010 (KB2880526) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{7B29D8B8-6A87-496C-A65E-B935E740448A}) (Version:  - Microsoft)
Update for Microsoft Visio Viewer 2010 (KB2837587) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{38CF30E4-3348-4BD1-A859-B630C355A56F}) (Version:  - Microsoft)
Update for Microsoft Word 2010 (KB2880529) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B9B89E01-5B6B-4F73-BC34-B2C0D8ACB4CD}) (Version:  - Microsoft)
Windows Live Communications Platform (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live Family Safety (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live Family Safety (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4311.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live Messenger (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows-Treiberpaket - Nokia pccsmcfd LegacyDriver  (05/31/2012 7.1.2.0) (HKLM\...\62BBD193ADFDBB228C7E1ADB56463F5732FF7F6F) (Version: 05/31/2012 7.1.2.0 - Nokia)
WinPatrol (HKLM\...\{6A206A04-6BC1-411B-AA04-4E52EDEEADF2}) (Version: 32.0.2014.5 - Ruiware)
WinRAR 5.01 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)

==================== Restore Points  =========================

24-06-2014 10:58:53 Windows Update
01-07-2014 11:48:44 Windows Update
08-07-2014 12:44:33 Windows Update
09-07-2014 13:00:51 Windows Update
16-07-2014 16:27:34 Windows Update
16-07-2014 16:31:07 Installed Java 8 Update 11 (64-bit)
20-07-2014 16:43:32 Revo Uninstaller's restore point - Google Chrome
20-07-2014 17:24:31 Installed Java 7 Update 65
20-07-2014 17:43:54 Revo Uninstaller's restore point - Google Chrome
20-07-2014 17:51:21 Revo Uninstaller's restore point - Google Chrome
21-07-2014 10:39:04 Revo Uninstaller's restore point - Google Chrome
21-07-2014 11:02:55 Revo Uninstaller's restore point - Google Chrome

==================== Hosts content: ==========================

2009-07-14 04:34 - 2013-06-10 22:45 - 00000027 ____A C:\windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {0FEEEA04-5676-445A-A8C5-A3B262C3676D} - System32\Tasks\{98A8DF74-175B-46BD-B27C-63F076F8CBC1} => C:\Users\smenz\Desktop\Downloads\chrome_installer._29.0.1547.62.exe
Task: {11BCC9FF-6624-48DD-A0A9-037105613877} - System32\Tasks\PandaUSBVaccine => C:\Program Files (x86)\Panda USB Vaccine\RunInteractiveWin.exe [2009-09-23] ()
Task: {1D2279FA-E30C-4583-B25F-D8871A93935D} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {6EE831A9-50B2-4E89-938F-C09D46ED9487} - System32\Tasks\Biokiste
Task: {73EDA546-2E35-4DFE-9DFE-323240375C74} - System32\Tasks\0 => Iexplore.exe  <==== ATTENTION
Task: {743DBCE6-710E-4116-9160-59116FF78576} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe
Task: {81496DCF-48B1-4D1B-A59B-2FC4684165F3} - System32\Tasks\4738 => Wscript.exe C:\Users\smenz\AppData\Local\Temp\launchie.vbs //B <==== ATTENTION
Task: {88934B5D-3A30-4964-A7AD-DCE10B1709D8} - System32\Tasks\{B72AFCD4-E9CC-42D5-9E1D-F4C58D94F474} => C:\Users\smenz\Desktop\Downloads\29.0.1547.62_chrome_installer.exe
Task: {A6C4A12D-F8BD-46DC-9D2C-9BF4D9C98EB0} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-10-19] (Google Inc.)
Task: {B7A8C558-1DAF-4343-8811-351E571DADB8} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\My Dell\sessionchecker.exe [2014-01-31] (PC-Doctor, Inc.)
Task: {C2A00A65-5F98-46E1-B0FB-ED6F70A8A0C5} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-10-19] (Google Inc.)
Task: {C6954E15-5EED-4EFE-95A4-FEFA870CBD6F} - System32\Tasks\{F281CD6B-FAB1-4399-B6BC-BA15860083ED} => Chrome.exe hxxp://ui.skype.com/ui/0/6.10.0.104/de/abandoninstall?source=lightinstaller&amp;page=tsPlugin
Task: {DB3B2A75-3AEB-44F9-85D7-8E3762D8F03C} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-06-24] (Piriform Ltd)
Task: {E62B8B67-FCF3-4289-BCF3-1DB775EA6E99} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2014-06-19] (Microsoft Corporation)
Task: {E915B3D3-B247-4A09-9A8D-B3CE418243A0} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-07-08] (Adobe Systems Incorporated)
Task: {F4030E34-1D21-44A0-8659-C82CB656DF86} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\My Dell\uaclauncher.exe [2014-01-31] (PC-Doctor, Inc.)
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2014-05-19 00:35 - 2014-05-20 09:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2012-07-04 17:21 - 2012-01-27 04:49 - 02751808 ____N () C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
2012-07-04 19:06 - 2011-03-26 03:28 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2014-06-18 16:21 - 2014-06-18 16:21 - 00703800 _____ () C:\Program Files (x86)\Emsisoft Anti-Malware\fw32.dll
2014-02-12 16:32 - 2014-02-12 16:32 - 00169472 _____ () C:\windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\3e27ac2000641918e7215d97c63e957d\IsdiInterop.ni.dll
2012-07-04 16:47 - 2011-01-13 00:56 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\ProgramData\Temp:5C321E34

==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== EXE Association (whitelisted) =============


==================== MSCONFIG/TASK MANAGER disabled items =========

MSCONFIG\startupfolder: C:^Users^smenz^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk => C:\windows\pss\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk.Startup
MSCONFIG\startupreg: AccuWeatherWidget => "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\start.umj" --startup
MSCONFIG\startupreg: AthBtTray => "C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AthBtTray.exe"
MSCONFIG\startupreg: AtherosBtStack => "C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe"
MSCONFIG\startupreg: Dell DataSafe Online => C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe
MSCONFIG\startupreg: Dell Webcam Central => "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
MSCONFIG\startupreg: DellStage => "C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\start.umj" --startup
MSCONFIG\startupreg: Desktop Disc Tool => "c:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe"
MSCONFIG\startupreg: NeroLauncher => C:\Program Files (x86)\Nero\SyncUP\NeroLauncher.exe 900
MSCONFIG\startupreg: RoxWatchTray => "c:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe"
MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: Stage Remote => C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe -Quiet

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (07/21/2014 00:50:03 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/21/2014 00:49:42 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (07/21/2014 00:23:33 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/21/2014 10:28:04 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/20/2014 08:44:37 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/20/2014 08:40:13 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/20/2014 07:57:10 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/20/2014 07:28:01 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: chromeinstall-7u65.exe, Version: 7.0.650.20, Zeitstempel: 0x53bfd1c0
Name des fehlerhaften Moduls: chromeinstall-7u65.exe, Version: 7.0.650.20, Zeitstempel: 0x53bfd1c0
Ausnahmecode: 0xc0000409
Fehleroffset: 0x00012635
ID des fehlerhaften Prozesses: 0x1318
Startzeit der fehlerhaften Anwendung: 0xchromeinstall-7u65.exe0
Pfad der fehlerhaften Anwendung: chromeinstall-7u65.exe1
Pfad des fehlerhaften Moduls: chromeinstall-7u65.exe2
Berichtskennung: chromeinstall-7u65.exe3

Error: (07/20/2014 07:01:44 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (07/20/2014 06:55:09 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (07/21/2014 00:48:32 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: 
UimBus
Uim_IM
Uim_VIM

Error: (07/21/2014 00:48:21 PM) (Source: Microsoft-Windows-BitLocker-Driver) (EventID: 24620) (User: NT-AUTORITÄT)
Description: Überprüfung des verschlüsselten Volumes: Die Volumeinformationen auf "\\?\Volume{9ed98651-c5e5-11e1-a61e-806e6f6e6963}" können nicht gelesen werden.

Error: (07/21/2014 00:22:05 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: 
UimBus
Uim_IM
Uim_VIM

Error: (07/21/2014 00:21:51 PM) (Source: Microsoft-Windows-BitLocker-Driver) (EventID: 24620) (User: NT-AUTORITÄT)
Description: Überprüfung des verschlüsselten Volumes: Die Volumeinformationen auf "\\?\Volume{9ed98651-c5e5-11e1-a61e-806e6f6e6963}" können nicht gelesen werden.

Error: (07/21/2014 10:56:15 AM) (Source: Service Control Manager) (EventID: 7043) (User: )
Description: Der Dienst Windows Update konnte nach dem Empfang eines Preshutdown-Steuerelements nicht richtig heruntergefahren werden.

Error: (07/21/2014 10:56:15 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {752073A1-23F2-4396-85F0-8FDB879ED0ED}

Error: (07/21/2014 10:26:33 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: 
UimBus
Uim_IM
Uim_VIM

Error: (07/21/2014 10:26:24 AM) (Source: Microsoft-Windows-BitLocker-Driver) (EventID: 24620) (User: NT-AUTORITÄT)
Description: Überprüfung des verschlüsselten Volumes: Die Volumeinformationen auf "\\?\Volume{9ed98651-c5e5-11e1-a61e-806e6f6e6963}" können nicht gelesen werden.

Error: (07/20/2014 08:43:28 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: 
UimBus
Uim_IM
Uim_VIM

Error: (07/20/2014 08:42:56 PM) (Source: Microsoft-Windows-BitLocker-Driver) (EventID: 24620) (User: NT-AUTORITÄT)
Description: Überprüfung des verschlüsselten Volumes: Die Volumeinformationen auf "\\?\Volume{9ed98651-c5e5-11e1-a61e-806e6f6e6963}" können nicht gelesen werden.


Microsoft Office Sessions:
=========================
Error: (07/21/2014 00:50:03 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/21/2014 00:49:42 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\smenz\Desktop\Downloads\esetsmartinstaller_deu.exe

Error: (07/21/2014 00:23:33 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/21/2014 10:28:04 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/20/2014 08:44:37 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/20/2014 08:40:13 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/20/2014 07:57:10 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/20/2014 07:28:01 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: chromeinstall-7u65.exe7.0.650.2053bfd1c0chromeinstall-7u65.exe7.0.650.2053bfd1c0c000040900012635131801cfa43fd738a97cC:\Users\smenz\Desktop\Downloads\chromeinstall-7u65.exeC:\Users\smenz\Desktop\Downloads\chromeinstall-7u65.exe32bb8e51-1033-11e4-8eae-844bf557795c

Error: (07/20/2014 07:01:44 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\smenz\Desktop\Downloads\esetsmartinstaller_deu.exe

Error: (07/20/2014 06:55:09 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


CodeIntegrity Errors:
===================================
  Date: 2014-07-21 12:48:15.995
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\hmpalert.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-07-21 12:21:47.494
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\hmpalert.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-07-21 10:26:19.335
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\hmpalert.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-07-20 20:42:51.118
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\hmpalert.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-07-20 20:38:25.760
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\hmpalert.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-07-20 19:55:29.797
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\hmpalert.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-07-20 18:53:21.917
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\hmpalert.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-07-20 16:01:22.132
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\hmpalert.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-07-19 19:19:48.713
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\hmpalert.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-07-19 10:22:54.820
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\hmpalert.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.


==================== Memory info =========================== 

Percentage of memory in use: 35%
Total physical RAM: 4004.27 MB
Available physical RAM: 2573.11 MB
Total Pagefile: 8006.73 MB
Available Pagefile: 5972.2 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:446.13 GB) (Free:390.11 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: C3D31F70)
Partition 1: (Not Active) - (Size=100 MB) - (Type=DE)
Partition 2: (Active) - (Size=20 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=446 GB) - (Type=07 NTFS)

==================== End Of Log ============================
Hoffentlich kriegen wir das in den Griff!

Danke für die weitere Unterstützung!

Gruß,
solonia

Alt 21.07.2014, 14:02   #14
schrauber
/// the machine
/// TB-Ausbilder
 
Malwarebythe hat 3 verdächtige Elemente gefunden!Gmx-account ständig mit spam trotz Filter! - Standard

Malwarebythe hat 3 verdächtige Elemente gefunden!Gmx-account ständig mit spam trotz Filter!


Hast Du Chrome auch komplett zurückgesetzt, wie im Link oben von mir angegeben?
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 21.07.2014, 20:45   #15
solonia
 
Malwarebythe hat 3 verdächtige Elemente gefunden!Gmx-account ständig mit spam trotz Filter! - Standard

Malwarebythe hat 3 verdächtige Elemente gefunden!Gmx-account ständig mit spam trotz Filter!


Hallo lieber Schrauber!

Also, ich habe die Einstellungen zurückgesetzt und es hat sich trotzdem nichts getan.

Jetzt habe ich in der Sandboxie-Einstellungen allerdings ein Haken gemacht unter Einstellungen/Anwendungen/Browser/Google den kompletten Zugriff auf den Profilordner erlauben!

So, diese Fenstermeldung .. Profilordner ... erscheint jetzt nicht mehr. Aber die andere Meldung SBIE2314 chmstp.exe erscheint nach wie vor! Und wenn ich die Lesezeichen lade, sind diese beim nächsten Öffnen wieder weg.

Habe dann alle Einstellungen erneut zurückgesetzt, den Verlauf geleert und den Laptop neu gestartet. Wieder die gleichen Probleme. Zur Sicherheit habe ich das Problem auch im Sandboxie-Forum eben gepostet!

Was jetzt?

Vorher gab es nie Probleme, wenn chrome upgedatet wurde. Kann es nicht sein, dass ich durch die erweiterten Revouninstaller auch an irgendwelchen Einstellungen gedreht wurde. Oder sehe ich jetzt einfach nur Elefanten, wo gar keine sind!

Bin frustriert! Möchte gerne die Probleme lösen!

Was soll ich jetzt weiter tun? Ein frisches FRST Log oder die Werkseinstellungen von dem Router zurücksetzen?

Oder mit folgenden Anweisungen fortfahren:

Zitat:
Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code: Alles auswählenAufklappen
C:\Users\smenz\AppData\Local\Google\Chrome\User Data\Default\External Extensions
C:\Users\smenz\AmazonMP3Downloader.exe
C:\Users\smenz\npAmazonMP3DownloaderPlugin101753.dll


Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
Starte nun FRST erneut und klicke den Fix Button.
Das Tool erstellt eine Fixlog.txt.
Poste mir deren Inhalt.





Downloade Dir bitte TFC ( von Oldtimer ) und speichere die Datei auf dem Desktop.
Schließe nun alle offenen Programme und trenne Dich von dem Internet.
Doppelklick auf die TFC.exe und drücke auf Start.
Sollte TFC nicht alle Dateien löschen können wird es einen Neustart verlangen. Dies bitte zulassen.
Macht das überhaupt jetzt schon Sinn, solange die Probleme mit dem Google Chrome noch nicht gelöst sind?


Bis dann,
solonia

P.S. Nachtrag:

Ich habe eben die Meldungen ieplore.exe und chrmstp.exe wegbekommen aufgrund Ausprobieren von Veränderungen in der Sandboxie-Grundeinstellungen! Ich werde jetzt mal die PC runterfahren und dann testen, ob das alles so bleibt! Ob die Lesezeichen bleiben etc.!

Die Fenster sind weg, doch Chrome Google verhält sich als ob er jedes Mal neugestartet wird und ich muss sagen, ob ich mich anmelden will, dann erscheinen die Lesezeichen.

Wie auch immer:

ich habe jetzt das Fixlog erstellt - trotzdem:

Code:
ATTFilter
  Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 19-07-2014
Ran by smenz at 2014-07-21 17:04:34 Run:1
Running from C:\Users\smenz\Desktop\Downloads
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
C:\Users\smenz\AppData\Local\Google\Chrome\User Data\Default\External Extensions
C:\Users\smenz\AmazonMP3Downloader.exe
C:\Users\smenz\npAmazonMP3DownloaderPlugin101753.dll
*****************

"C:\Users\smenz\AppData\Local\Google\Chrome\User Data\Default\External Extensions" => File/Directory not found.
C:\Users\smenz\AmazonMP3Downloader.exe => Moved successfully.
C:\Users\smenz\npAmazonMP3DownloaderPlugin101753.dll => Moved successfully.

==== End of Fixlog ====
So, mit dem TFC wartet ich jetzt noch auf Ihre Rückmeldung!

Bis dann und danke für Ihre so schnelle Rückmeldungen heute!

Gruß,
solonia

Nachtrag 21.42 Uhr:

Google Chrome öffnet sich jetzt ohne zusätzliche Fenster. Aber egal, welche Einstellungen ich vornehme, wenn ich die Fenster schliesse und später wieder öffne, sind die alle vorgenommene Einstellungen wie Lesezeichen immer anzeigen, individuelle Startseite, erweiterte Sicherheitseinstellungen weg. Habe den Chrome mehrmals zurückgesetzt. Hat nichts geholfen!

Und jetzt?

Bis dann, Solonia
Geändert von solonia (21.07.2014 um 16:07 Uhr)

Antwort
Seite 1 von 4 1 23 Letzte »

Themen zu Malwarebythe hat 3 verdächtige Elemente gefunden!Gmx-account ständig mit spam trotz Filter!
automatische, backup/setmuilanguage.exe, backup/toaster.exe, blacklist, detected, gefährlich?, löschen, malwarebytes, objekte: rootkits, pup.optional.outbrowse, quarantäne, regeln, setting.disableregistrytools, setting.disabletaskmgr, spam, speicher, traces, webseiten, win32/sweetim.l, windows, windows 7, windows live, windows live mail


« Trojaner Artemis!29760C4C151F eingefangen | Dieses Programm wurde durch Gruppenrechtlinien blockiert..... »


Ähnliche Themen: Malwarebythe hat 3 verdächtige Elemente gefunden!Gmx-account ständig mit spam trotz Filter!


  1. Spam Mail vom eigenen Yahoo Account erhalten - Account gehackt?
    Log-Analyse und Auswertung - 28.08.2015 (8)
  2. Windows7 64Bit: mit malwarebyts schädliche Elemente gefunden, außerdem wurde eine "Telekom-Rechnung" mit Anhang geöffnet.
    Plagegeister aller Art und deren Bekämpfung - 05.12.2014 (5)
  3. Verdächtige aktivität nach aufruf einer Spam seite
    Plagegeister aller Art und deren Bekämpfung - 04.09.2014 (1)
  4. Malwarebytes hat eine verdächtige Datei gefunden
    Log-Analyse und Auswertung - 24.06.2014 (9)
  5. AOL Account sendet Spam-Mails in meinem Namen, Malware gefunden, nicht zu entfernen
    Plagegeister aller Art und deren Bekämpfung - 28.04.2014 (5)
  6. Malwarebytes hat verdächtige Dateien gefunden - bin nicht sicher wie ich damit umgehen soll.
    Log-Analyse und Auswertung - 29.01.2014 (7)
  7. Spam Mail über GMX Account
    Plagegeister aller Art und deren Bekämpfung - 05.01.2013 (9)
  8. YahooMail-Account schickt Spam Mails an alle Kontaktdaten / Abmeldung vom Account nicht moeglich!
    Log-Analyse und Auswertung - 01.06.2012 (1)
  9. Windows Live account verschickt spam trotz Kennwort änderung.
    Plagegeister aller Art und deren Bekämpfung - 20.05.2012 (2)
  10. Account hat spam-emails verschickt
    Log-Analyse und Auswertung - 21.11.2011 (11)
  11. spam-mail über mein web.de-account versendet, spam-mail auch im gesendet Ordner
    Log-Analyse und Auswertung - 16.11.2011 (3)
  12. Account gehackt, trotz großer Vorsicht!
    Log-Analyse und Auswertung - 03.01.2011 (1)
  13. Benötige Hilfe - Adware und Elemente von Spyware wurden gefunden
    Plagegeister aller Art und deren Bekämpfung - 18.08.2007 (2)
  14. Rootkitrevealer-Meldung – nur "verdächtige Elemente" oder Problem?
    Plagegeister aller Art und deren Bekämpfung - 25.06.2007 (2)
  15. Spam-Filter bei freenet.de
    Überwachung, Datenschutz und Spam - 16.01.2004 (2)
  16. SPAM-Filter das die Mails schon am Server löschen kann?
    Überwachung, Datenschutz und Spam - 15.06.2003 (5)
  17. Spam-Filter verärgert britische Abgeordnete
    Überwachung, Datenschutz und Spam - 10.02.2003 (2)
Anleitungen und Tipps

- Für alle Hilfesuchenden! Was beachten?

- Anleitung: MyStartSearch.com entfernen

- Anleitung: WebSearches löschen

- Hilfe: iStartSurf entfernen – so gehts!

- Anleitung: Omiga Plus richtig entfernen

- Browser Viren entfernen


Zum Thema Malwarebythe hat 3 verdächtige Elemente gefunden!Gmx-account ständig mit spam trotz Filter! - Liebe Mitarbeiter des Trojanerboardes, beim wöchentlichen Checkup meines PC mit Malwarebyte sind drei Elemente gefunden worden. Habe alle in die Quarantäne geschoben und hier ist das Protokol davon: Code: Alles - Malwarebythe hat 3 verdächtige Elemente gefunden!Gmx-account ständig mit spam trotz Filter!...
Archiv
Du betrachtest: Malwarebythe hat 3 verdächtige Elemente gefunden!Gmx-account ständig mit spam trotz Filter! auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130