Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung
Windows 7: Internet Explorer startet automatisch Werbung/ Webseiten werden auf Werbung umgeleitet

Windows 7: Internet Explorer startet automatisch Werbung/ Webseiten werden auf Werbung umgeleitet


Log-Analyse und Auswertung: Windows 7: Internet Explorer startet automatisch Werbung/ Webseiten werden auf Werbung umgeleitet

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML.

Antwort
Alt 17.07.2014, 16:31   #1
ihansklaus
 
Windows 7: Internet Explorer startet automatisch Werbung/ Webseiten werden auf Werbung umgeleitet - Standard

Windows 7: Internet Explorer startet automatisch Werbung/ Webseiten werden auf Werbung umgeleitet


Hallo Leute,

zuerst einmal Klasse das es solche Foren gibt und das sich Leute finden, die sich den Problemen von weniger fachkundigen Menschen annehmen. Danke!

Ich hab folgendes Problem:

Mein Internet Explorer (den ich nie nutze) startet automatisch und ruft dabei immer Werbung auf. Auch nach dem schließen dieser Seiten öffnen sich nach einiger Zeit wieder neue Werbeseiten. Mein Hauptbrowser Opera ist auch betroffen. Er öffnet ebenfalls Werbung, ist langsam geworden etc.

Ich habe mir die Anleitung durchgelesen, wie jetzt fortgefahren werden soll. Ich versuche alles zu beachten. Sollte jedoch etwas falsch verstanden wurden sein bitte nicht böse sein. Wie gesagt, bin kein Fachmann.

defogger:
Zitat:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 16:58 on 17/07/2014 (Rico)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-
FRST:
Zitat:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 15-07-2014 01
Ran by Rico (administrator) on RICO-PC on 17-07-2014 17:00:19
Running from C:\Users\Rico\Downloads
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Cherished Technololgy LIMITED) C:\ProgramData\IePluginServices\PluginService.exe
(Fuyu LIMITED) C:\ProgramData\WindowsProtectManger\wprotectmanager.exe
() C:\Program Files (x86)\Browsersafeguard\BrowserSafeguard.exe
(Opera Software) C:\Program Files (x86)\Opera\22.0.1471.50\opera.exe
() C:\Program Files (x86)\Opera\22.0.1471.50\opera_crashreporter.exe
(Opera Software) C:\Program Files (x86)\Opera\22.0.1471.50\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\22.0.1471.50\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\22.0.1471.50\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\22.0.1471.50\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\22.0.1471.50\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\22.0.1471.50\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\22.0.1471.50\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\22.0.1471.50\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\22.0.1471.50\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\22.0.1471.50\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\22.0.1471.50\opera.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [558496 2014-02-27] (Adobe Systems Incorporated)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2885904 2012-04-04] (Synaptics Incorporated)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1271072 2014-03-11] (Microsoft Corporation)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [641704 2012-11-16] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [AMD AVT] => C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe [20992 2012-03-19] ()
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe [3499896 2014-05-08] (Adobe Systems Inc.)
HKLM-x32\...\Run: [ASUS Ai Charger] => C:\Program Files (x86)\ASUS\ASUS Ai Charger\AiChargerAP.exe [547984 2012-08-13] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [224128 2014-03-04] (Oracle Corporation)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\qttask.exe [77824 2014-06-07] (Apple Computer, Inc.)
HKLM-x32\...\Run: [BrowserSafeguard Update Task] => C:\Program Files (x86)\Browsersafeguard\uninstall.BrowserSafeguard.exe [3692544 2014-07-17] ()
HKU\S-1-5-21-1296850485-3907825808-2435419184-1000\...\Run: [OfficeSyncProcess] => C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE [720064 2013-04-22] (Microsoft Corporation)
AppInit_DLLs: C:\PROGRA~2\SupTab\SearchProtect64.dll => C:\Program Files (x86)\SupTab\SearchProtect64.dll [102512 2014-05-08] (Skytech Co., Ltd.)
AppInit_DLLs-x32: C:\PROGRA~2\SupTab\SearchProtect32.dll => C:\Program Files (x86)\SupTab\SearchProtect32.dll [91248 2014-05-08] (Skytech Co., Ltd.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)
Startup: C:\Users\Rico\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Rico\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: DropboxExt4 -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers-x32: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers-x32: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers-x32: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => No File

==================== Internet (Whitelisted) ====================

ProxyEnable: Internet Explorer proxy is enabled.
ProxyServer: http=127.0.0.1:49156;https=127.0.0.1:49156
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.trovi.com/?gd=&ctid=CT3323829&octid=EB_ORIGINAL_CTID&ISID=M9FD30DC1-0F75-48F8-B665-1DE3C683EBE0&SearchSource=55&CUI=&UM=6&UP=SPAD8AFDB2-2C9B-48A0-86C2-DE4DD2757C4C&SSPV=
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x005ADF4C7C42CF01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://istart.webssearches.com/?type=hp&ts=1403081456&from=amt&uid=WDCXWD3200BEVS-26VAT0_WD-WXK0E59ARH57ARH57
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1403081456&from=amt&uid=WDCXWD3200BEVS-26VAT0_WD-WXK0E59ARH57ARH57&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://istart.webssearches.com/?type=hp&ts=1403081456&from=amt&uid=WDCXWD3200BEVS-26VAT0_WD-WXK0E59ARH57ARH57
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://istart.webssearches.com/?type=hp&ts=1403081456&from=amt&uid=WDCXWD3200BEVS-26VAT0_WD-WXK0E59ARH57ARH57
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://istart.webssearches.com/web/?type=ds&ts=1403081456&from=amt&uid=WDCXWD3200BEVS-26VAT0_WD-WXK0E59ARH57ARH57&q={searchTerms}
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1403081456&from=amt&uid=WDCXWD3200BEVS-26VAT0_WD-WXK0E59ARH57ARH57&q={searchTerms}
SearchScopes: HKLM - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1403081456&from=amt&uid=WDCXWD3200BEVS-26VAT0_WD-WXK0E59ARH57ARH57&q={searchTerms}
SearchScopes: HKLM-x32 - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1403081456&from=amt&uid=WDCXWD3200BEVS-26VAT0_WD-WXK0E59ARH57ARH57&q={searchTerms}
SearchScopes: HKLM-x32 - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1403081456&from=amt&uid=WDCXWD3200BEVS-26VAT0_WD-WXK0E59ARH57ARH57&q={searchTerms}
SearchScopes: HKCU - DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://www.trovi.com/Results.aspx?gd=&ctid=CT3323829&octid=EB_ORIGINAL_CTID&ISID=M9FD30DC1-0F75-48F8-B665-1DE3C683EBE0&SearchSource=58&CUI=&UM=6&UP=SPAD8AFDB2-2C9B-48A0-86C2-DE4DD2757C4C&q={searchTerms}&SSPV=
SearchScopes: HKCU - URL hxxp://www.trovigo.com/Results.aspx?gd=&ctid=CT3319434&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=5&UP=SPEFC849AC-009D-49B5-B945-6CD5047C9535&q={searchTerms}&SSPV=
SearchScopes: HKCU - SuggestionsURL_JSON hxxp://suggest.search.conduit.com/CSuggestJson.ashx?prefix={searchTerms}
SearchScopes: HKCU - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://www.trovi.com/Results.aspx?gd=&ctid=CT3323829&octid=EB_ORIGINAL_CTID&ISID=M9FD30DC1-0F75-48F8-B665-1DE3C683EBE0&SearchSource=58&CUI=&UM=6&UP=SPAD8AFDB2-2C9B-48A0-86C2-DE4DD2757C4C&q={searchTerms}&SSPV=
SearchScopes: HKCU - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1403081456&from=amt&uid=WDCXWD3200BEVS-26VAT0_WD-WXK0E59ARH57ARH57&q={searchTerms}
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre8\bin\ssv.dll (Oracle Corporation)
BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre8\bin\jp2ssv.dll (Oracle Corporation)
BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus64.dll (Adblock Plus)
BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: IETabPage Class -> {3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} -> C:\Program Files (x86)\SupTab\SupTab.dll (Thinknice Co. Limited)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus32.dll (Adblock Plus)
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()
FF Plugin: @java.com/DTPlugin,version=11.0.2 - C:\Program Files\Java\jre8\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.0.2 - C:\Program Files\Java\jre8\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @staging.google.com/globalUpdate Update;version=10 - C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll (globalUpdate)
FF Plugin-x32: @staging.google.com/globalUpdate Update;version=4 - C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll (globalUpdate)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Acrobat - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn [2014-03-22]

Chrome:
=======
CHR HomePage: hxxp://istart.webssearches.com/?type=hppp&ts=1405608273&from=amt&uid=WDCXWD3200BEVS-26VAT0_WD-WXK0E59ARH57ARH57
CHR StartupUrls: "hxxp://istart.webssearches.com/?type=hppp&ts=1405608273&from=amt&uid=WDCXWD3200BEVS-26VAT0_WD-WXK0E59ARH57ARH57"
CHR DefaultSearchKeyword: webssearches
CHR DefaultSearchProvider: webssearches
CHR DefaultSearchURL: hxxp://istart.webssearches.com/web/?type=dspp&ts=1405608273&from=amt&uid=WDCXWD3200BEVS-26VAT0_WD-WXK0E59ARH57ARH57&q={searchTerms}
CHR Extension: (Google Docs) - C:\Users\Rico\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-07-17]
CHR Extension: (Google Drive) - C:\Users\Rico\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-07-17]
CHR Extension: (YouTube) - C:\Users\Rico\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-07-17]
CHR Extension: (Google-Suche) - C:\Users\Rico\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-07-17]
CHR Extension: (Adobe Acrobat – PDF-Datei erstellen) - C:\Users\Rico\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2014-07-17]
CHR Extension: (Google Wallet) - C:\Users\Rico\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-07-17]
CHR Extension: (Google Mail) - C:\Users\Rico\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-07-17]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx [2014-05-08]

==================== Services (Whitelisted) =================

S3 globalUpdatem; C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe [68608 2014-07-17] (globalUpdate) [File not signed]
R2 IePluginServices; C:\ProgramData\IePluginServices\PluginService.exe [704112 2014-05-08] (Cherished Technololgy LIMITED)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2014-03-11] (Microsoft Corporation)
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [347872 2014-03-11] (Microsoft Corporation)
R2 WindowsProtectManger; C:\ProgramData\WindowsProtectManger\wprotectmanager.exe [591776 2014-06-12] (Fuyu LIMITED)

==================== Drivers (Whitelisted) ====================

R3 AiCharger; C:\Windows\SysWow64\drivers\AiCharger.sys [14848 2012-03-22] (ASUSTek Computer Inc.)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2014-03-18] (Disc Soft Ltd)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [268512 2014-01-25] (Microsoft Corporation)
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133928 2014-03-11] (Microsoft Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-07-17 17:00 - 2014-07-17 17:01 - 00017266 _____ () C:\Users\Rico\Downloads\FRST.txt
2014-07-17 17:00 - 2014-07-17 17:00 - 00000000 ____D () C:\FRST
2014-07-17 16:59 - 2014-07-17 16:59 - 02086912 _____ (Farbar) C:\Users\Rico\Downloads\FRST64.exe
2014-07-17 16:58 - 2014-07-17 16:58 - 00000470 _____ () C:\Users\Rico\Downloads\defogger_disable.log
2014-07-17 16:58 - 2014-07-17 16:58 - 00000168 _____ () C:\Users\Rico\defogger_reenable
2014-07-17 16:57 - 2014-07-17 16:57 - 00050477 _____ () C:\Users\Rico\Downloads\Defogger.exe
2014-07-17 16:57 - 2014-07-17 16:57 - 00021312 _____ () C:\Users\Rico\Desktop\scanbericht.txt
2014-07-17 16:48 - 2014-07-17 16:48 - 00021312 _____ () C:\ComboFix.txt
2014-07-17 16:44 - 2014-07-17 16:44 - 00000056 _____ () C:\Windows\setupact.log
2014-07-17 16:44 - 2014-07-17 16:44 - 00000000 _____ () C:\Windows\setuperr.log
2014-07-17 16:43 - 2014-07-17 16:43 - 00006882 _____ () C:\Windows\PFRO.log
2014-07-17 16:32 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-07-17 16:32 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-07-17 16:32 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-07-17 16:32 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-07-17 16:32 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-07-17 16:32 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2014-07-17 16:32 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2014-07-17 16:32 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2014-07-17 16:30 - 2014-07-17 16:48 - 00000000 ____D () C:\Qoobox
2014-07-17 16:30 - 2014-07-17 16:47 - 00000000 ____D () C:\Windows\erdnt
2014-07-17 16:28 - 2014-07-17 16:28 - 00003114 _____ () C:\Windows\System32\Tasks\{A5DB3CBF-5CD9-4D0C-A0CE-2315700566F5}
2014-07-17 16:26 - 2014-07-17 16:26 - 00000000 ____D () C:\ProgramData\374311380
2014-07-17 16:25 - 2014-07-17 16:27 - 05221938 ____R (Swearware) C:\Users\Rico\Downloads\ComboFix.exe
2014-07-17 16:24 - 2014-07-17 16:26 - 00000000 ____D () C:\ProgramData\TEMP
2014-07-17 16:24 - 2014-07-17 16:25 - 00003238 _____ () C:\Windows\System32\Tasks\Optimizer Pro Schedule
2014-07-17 16:24 - 2014-07-17 16:24 - 00000000 ____D () C:\Users\Rico\Documents\Optimizer Pro
2014-07-17 16:22 - 2014-07-17 16:22 - 00002251 _____ () C:\Users\Rico\Desktop\Google Chrome.lnk
2014-07-17 16:18 - 2014-07-17 16:44 - 00000944 _____ () C:\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job
2014-07-17 16:18 - 2014-07-17 16:23 - 00000948 _____ () C:\Windows\Tasks\globalUpdateUpdateTaskMachineUA.job
2014-07-17 16:18 - 2014-07-17 16:18 - 00003946 _____ () C:\Windows\System32\Tasks\globalUpdateUpdateTaskMachineUA
2014-07-17 16:18 - 2014-07-17 16:18 - 00003692 _____ () C:\Windows\System32\Tasks\globalUpdateUpdateTaskMachineCore
2014-07-17 16:18 - 2014-07-17 16:18 - 00000000 ____D () C:\Users\Rico\AppData\Local\globalUpdate
2014-07-17 16:18 - 2014-07-17 16:18 - 00000000 ____D () C:\Program Files (x86)\globalUpdate
2014-07-17 16:17 - 2014-07-17 16:17 - 00004198 _____ () C:\Windows\System32\Tasks\BrowserSafeguard Update Task
2014-07-17 16:17 - 2014-07-17 16:17 - 00003398 _____ () C:\Windows\System32\Tasks\BrowserSafeguard
2014-07-17 16:17 - 2014-07-17 16:17 - 00000000 ____D () C:\Program Files (x86)\Browsersafeguard
2014-07-17 16:15 - 2014-07-17 16:15 - 00240504 _____ (System Applet ) C:\Users\Rico\Downloads\setup.exe
2014-07-17 15:41 - 2014-07-17 15:41 - 00002770 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2014-07-17 15:41 - 2014-07-17 15:41 - 00000822 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-07-17 15:41 - 2014-07-17 15:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-07-17 15:41 - 2014-07-17 15:41 - 00000000 ____D () C:\Program Files\CCleaner
2014-07-17 15:39 - 2014-07-17 15:40 - 04812672 _____ (Piriform Ltd) C:\Users\Rico\Downloads\ccsetup415.exe
2014-07-17 14:41 - 2014-07-17 14:41 - 00000687 _____ () C:\awh10A2.tmp
2014-07-17 12:49 - 2014-07-17 12:49 - 00000687 _____ () C:\awhECE.tmp
2014-07-16 12:45 - 2014-07-16 12:45 - 00000687 _____ () C:\awhC9D.tmp
2014-07-15 10:15 - 2014-07-15 10:15 - 00000687 _____ () C:\awh878.tmp
2014-07-14 15:57 - 2014-07-14 18:57 - 00074626 _____ () C:\Users\Rico\Desktop\Projektphasen.pptx
2014-07-14 13:54 - 2014-07-14 13:54 - 00000687 _____ () C:\awh8A7.tmp
2014-07-11 16:37 - 2014-07-17 16:30 - 01043188 _____ () C:\Users\Rico\AppData\Local\uucbbppw.gss
2014-07-11 16:37 - 2014-07-17 16:30 - 00184320 _____ () C:\Users\Rico\AppData\Local\uucbbppw.gdb
2014-07-10 20:19 - 2014-07-10 20:19 - 00000687 _____ () C:\awh962.tmp
2014-07-10 17:55 - 2014-07-10 19:15 - 00000000 ____D () C:\Users\Rico\Desktop\Zeug für Bewerbung
2014-07-10 14:52 - 2014-07-10 14:52 - 00000687 _____ () C:\awh1FA0.tmp
2014-07-09 11:46 - 2014-07-09 11:46 - 00002832 _____ () C:\Users\Rico\Downloads\Antwort_ 7_1 Schland.zip
2014-07-09 11:20 - 2014-07-09 11:20 - 00000687 _____ () C:\awh9829.tmp
2014-07-09 09:37 - 2014-06-20 22:14 - 00266424 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-07-09 09:37 - 2014-06-20 21:39 - 00240824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-07-09 09:37 - 2014-06-19 03:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-07-09 09:37 - 2014-06-19 03:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-07-09 09:37 - 2014-06-19 02:48 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-07-09 09:37 - 2014-06-19 02:42 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-07-09 09:37 - 2014-06-19 02:42 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-07-09 09:37 - 2014-06-19 02:41 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-07-09 09:37 - 2014-06-19 02:41 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-07-09 09:37 - 2014-06-19 02:32 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-07-09 09:37 - 2014-06-19 02:31 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-07-09 09:37 - 2014-06-19 02:26 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-07-09 09:37 - 2014-06-19 02:24 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-07-09 09:37 - 2014-06-19 02:24 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-07-09 09:37 - 2014-06-19 02:23 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-07-09 09:37 - 2014-06-19 02:16 - 17276416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-07-09 09:37 - 2014-06-19 02:09 - 00452608 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-07-09 09:37 - 2014-06-19 01:59 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-07-09 09:37 - 2014-06-19 01:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-07-09 09:37 - 2014-06-19 01:53 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-07-09 09:37 - 2014-06-19 01:51 - 05721088 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-07-09 09:37 - 2014-06-19 01:50 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-07-09 09:37 - 2014-06-19 01:48 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-07-09 09:37 - 2014-06-19 01:39 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-07-09 09:37 - 2014-06-19 01:38 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-07-09 09:37 - 2014-06-19 01:37 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-07-09 09:37 - 2014-06-19 01:36 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-07-09 09:37 - 2014-06-19 01:35 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-07-09 09:37 - 2014-06-19 01:33 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-07-09 09:37 - 2014-06-19 01:32 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-07-09 09:37 - 2014-06-19 01:28 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-07-09 09:37 - 2014-06-19 01:28 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-07-09 09:37 - 2014-06-19 01:27 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-07-09 09:37 - 2014-06-19 01:27 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-07-09 09:37 - 2014-06-19 01:25 - 00442368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-07-09 09:37 - 2014-06-19 01:23 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-07-09 09:37 - 2014-06-19 01:22 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-07-09 09:37 - 2014-06-19 01:12 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-07-09 09:37 - 2014-06-19 01:06 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-07-09 09:37 - 2014-06-19 01:01 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-07-09 09:37 - 2014-06-19 00:59 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-07-09 09:37 - 2014-06-19 00:58 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-07-09 09:37 - 2014-06-19 00:58 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-07-09 09:37 - 2014-06-19 00:52 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-07-09 09:37 - 2014-06-19 00:51 - 13527040 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-07-09 09:37 - 2014-06-19 00:49 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-07-09 09:37 - 2014-06-19 00:46 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-07-09 09:37 - 2014-06-19 00:45 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-07-09 09:37 - 2014-06-19 00:35 - 11742208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-07-09 09:37 - 2014-06-19 00:34 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-07-09 09:37 - 2014-06-19 00:15 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-07-09 09:37 - 2014-06-19 00:13 - 01791488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-07-09 09:37 - 2014-06-19 00:09 - 01139200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-07-09 09:37 - 2014-06-19 00:07 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-07-09 09:37 - 2014-06-18 04:18 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\osk.exe
2014-07-09 09:37 - 2014-06-18 03:51 - 00646144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\osk.exe
2014-07-09 09:37 - 2014-06-18 03:10 - 03157504 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-07-09 09:37 - 2014-06-06 12:10 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-07-09 09:37 - 2014-06-06 11:44 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-07-09 09:37 - 2014-05-30 08:45 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2014-07-09 09:36 - 2014-06-19 03:39 - 23464448 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-07-09 09:36 - 2014-06-19 02:14 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-07-09 09:36 - 2014-06-05 16:45 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-07-09 09:36 - 2014-06-05 16:26 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-07-09 09:36 - 2014-06-05 16:25 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-07-09 09:29 - 2014-07-09 09:29 - 00000687 _____ () C:\awh6F2.tmp
2014-07-08 16:51 - 2014-07-10 20:48 - 00000000 ____D () C:\Users\Rico\Desktop\Samson
2014-07-07 19:39 - 2014-07-07 19:39 - 00000687 _____ () C:\awh34F4.tmp
2014-07-07 13:57 - 2014-07-07 13:57 - 00000687 _____ () C:\awh1D30.tmp
2014-07-07 10:02 - 2014-07-07 10:02 - 00000687 _____ () C:\awhFD03.tmp
2014-07-07 09:08 - 2014-07-07 09:08 - 00000687 _____ () C:\awh1C27.tmp
2014-07-06 21:48 - 2014-07-06 21:49 - 21169658 _____ () C:\Users\Rico\Downloads\PDFverkleinern_flv.mp4
2014-07-06 21:43 - 2014-07-06 21:43 - 00009002 _____ () C:\Users\Rico\Documents\Application_Rico Wildner_South Africa.pdf.accreport.html
2014-07-06 20:58 - 2014-07-06 20:58 - 00000687 _____ () C:\awh5791.tmp
2014-07-06 20:57 - 2014-07-06 20:57 - 00000000 ____D () C:\Users\Rico\Desktop\PA MA-Bau
2014-07-06 20:10 - 2014-07-10 20:46 - 00000000 ____D () C:\Users\Rico\Desktop\South Africa
2014-07-06 19:53 - 2014-07-06 19:53 - 00014201 _____ () C:\Users\Rico\Downloads\AW_ letter of motivation.zip
2014-07-06 18:33 - 2014-07-06 18:33 - 00000687 _____ () C:\awh981.tmp
2014-07-06 18:15 - 2014-07-06 18:15 - 00000000 ____D () C:\Users\Default\AppData\Local\Microsoft Help
2014-07-06 18:15 - 2014-07-06 18:15 - 00000000 ____D () C:\Users\Default User\AppData\Local\Microsoft Help
2014-07-06 11:59 - 2014-07-06 11:59 - 00000000 ____D () C:\Program Files\Adblock Plus for IE
2014-07-06 11:35 - 2014-07-06 11:35 - 00000687 _____ () C:\awh20D8.tmp
2014-07-05 15:02 - 2014-07-05 15:08 - 00000000 ____D () C:\Users\Rico\Documents\Wohnung
2014-07-05 12:43 - 2014-07-05 12:43 - 00002117 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2014-07-05 12:43 - 2014-07-05 12:43 - 00001912 _____ () C:\Windows\epplauncher.mif
2014-07-05 12:43 - 2014-07-05 12:43 - 00000000 ____D () C:\Program Files\Microsoft Security Client
2014-07-05 12:43 - 2014-07-05 12:43 - 00000000 ____D () C:\Program Files (x86)\Microsoft Security Client
2014-07-02 17:27 - 2014-07-02 17:27 - 00003164 _____ () C:\Windows\System32\Tasks\{1F6C3454-9EA5-4C60-9934-47B8882F17C4}
2014-07-02 14:21 - 2014-07-02 14:21 - 00000687 _____ () C:\awhEC9F.tmp
2014-07-01 13:38 - 2014-07-01 13:38 - 00000687 _____ () C:\awhE7EE.tmp
2014-06-30 20:56 - 2014-06-30 20:56 - 00009470 _____ () C:\Users\Rico\Desktop\Mietaufstellung.xlsx
2014-06-30 18:01 - 2014-06-30 18:01 - 00000687 _____ () C:\awhEAAC.tmp
2014-06-30 08:43 - 2014-06-30 08:43 - 00000687 _____ () C:\awhEEA2.tmp
2014-06-30 06:48 - 2014-06-30 06:48 - 00000687 _____ () C:\awhE8E7.tmp
2014-06-29 20:06 - 2014-06-29 20:06 - 00000687 _____ () C:\awhEC60.tmp
2014-06-29 16:34 - 2014-06-29 16:34 - 00000687 _____ () C:\awhEC51.tmp
2014-06-29 09:00 - 2014-06-29 09:00 - 00010116 _____ () C:\Users\Rico\Documents\Uninstall STAR WARS The Old Republic.log
2014-06-29 08:17 - 2014-06-29 08:17 - 00000687 _____ () C:\awhE407.tmp
2014-06-27 12:05 - 2014-06-27 12:05 - 00000687 _____ () C:\awh28F.tmp
2014-06-26 12:06 - 2014-06-26 12:07 - 00029732 _____ () C:\Program.RPT
2014-06-26 09:02 - 2014-06-26 09:02 - 00000687 _____ () C:\awhE9C2.tmp
2014-06-25 23:04 - 2014-06-25 23:04 - 00011009 _____ () C:\Users\Rico\Desktop\urlaub.xlsx
2014-06-25 09:48 - 2014-06-25 09:48 - 00000687 _____ () C:\awhF23A.tmp
2014-06-24 15:52 - 2014-06-24 15:52 - 00000687 _____ () C:\awhF0E3.tmp
2014-06-24 07:57 - 2014-06-24 07:57 - 00000687 _____ () C:\awhF1CD.tmp
2014-06-23 09:23 - 2014-06-23 09:23 - 00000687 _____ () C:\awh2D46.tmp
2014-06-22 08:54 - 2014-06-22 08:54 - 00000687 _____ () C:\awhEACB.tmp
2014-06-22 02:09 - 2014-06-22 02:09 - 00000687 _____ () C:\awhF0B4.tmp
2014-06-21 15:29 - 2014-06-21 15:29 - 00000687 _____ () C:\awh1756.tmp
2014-06-20 22:35 - 2014-06-20 22:35 - 00000687 _____ () C:\awh7FB.tmp
2014-06-20 11:49 - 2014-06-20 11:49 - 00000687 _____ () C:\awh20F7.tmp
2014-06-20 11:40 - 2014-06-20 11:40 - 00013356 _____ () C:\Program1.RPT
2014-06-20 08:43 - 2014-06-20 08:43 - 00000687 _____ () C:\awhAAA.tmp
2014-06-19 14:10 - 2014-06-19 14:10 - 00000687 _____ () C:\awhFC48.tmp
2014-06-19 09:43 - 2014-06-19 09:43 - 00000687 _____ () C:\awh1286.tmp
2014-06-19 09:41 - 2014-06-19 09:41 - 00000000 ____D () C:\Program Files (x86)\JoWood
2014-06-19 09:14 - 2014-06-19 09:20 - 00000000 ____D () C:\Program Files (x86)\System
2014-06-19 09:12 - 2014-06-19 09:12 - 00000687 _____ () C:\awh14E6.tmp
2014-06-19 09:02 - 2014-06-19 09:02 - 00003122 _____ () C:\Windows\System32\Tasks\{AE5FA679-FE10-4403-8E7D-392B1E842DF5}
2014-06-19 08:49 - 2014-06-19 08:49 - 00000687 _____ () C:\awh1045.tmp
2014-06-18 20:32 - 2014-06-18 20:32 - 00000000 ____D () C:\Program Files (x86)\predm
2014-06-18 20:28 - 2014-06-18 20:28 - 00000000 ____D () C:\Windows\system32\appmgmt
2014-06-18 20:22 - 2014-06-18 20:22 - 00002988 _____ () C:\Windows\System32\Tasks\{7636DEA2-C3A4-41C6-AF19-19915C43506E}
2014-06-18 20:19 - 2014-06-18 20:19 - 00000687 _____ () C:\awhF2D6.tmp
2014-06-18 20:17 - 2014-06-18 20:17 - 00008192 _____ () C:\Windows\d3dx.dat
2014-06-18 20:15 - 2014-06-18 20:15 - 00002988 _____ () C:\Windows\System32\Tasks\{98C19DD3-808B-429F-BE86-25D4C401916B}
2014-06-18 20:13 - 2014-06-18 20:13 - 00002988 _____ () C:\Windows\System32\Tasks\{35941D3F-3C68-4C2E-9DBB-A51517EE3822}
2014-06-18 20:09 - 2014-06-18 20:09 - 00000687 _____ () C:\awhE42.tmp
2014-06-18 10:55 - 2014-06-18 10:55 - 00000687 _____ () C:\awhEE18.tmp
2014-06-18 10:54 - 2014-06-18 20:26 - 00000000 ____D () C:\Program Files\RrFilter
2014-06-18 10:54 - 2014-06-18 10:54 - 00000000 ____D () C:\Users\Rico\AppData\Local\freeSOFTtoday
2014-06-18 10:53 - 2014-06-18 10:55 - 00000000 ____D () C:\temp
2014-06-18 10:53 - 2014-06-18 10:53 - 00000000 ____D () C:\ProgramData\Registry Helper
2014-06-18 10:52 - 2014-06-30 08:42 - 00000000 ____D () C:\Program Files\002
2014-06-18 10:52 - 2014-06-18 10:52 - 00000000 ____D () C:\Users\Rico\AppData\Roaming\InetStat
2014-06-18 10:51 - 2014-07-06 18:29 - 00000000 ____D () C:\ProgramData\IePluginServices
2014-06-18 10:51 - 2014-07-01 22:28 - 00000000 ____D () C:\Users\Rico\AppData\Local\Genesis_06180851
2014-06-18 10:51 - 2014-06-18 10:51 - 00000000 ____D () C:\Users\Rico\AppData\Roaming\SupTab
2014-06-18 10:51 - 2014-06-18 10:51 - 00000000 ____D () C:\ProgramData\WindowsProtectManger
2014-06-18 10:51 - 2014-06-18 10:51 - 00000000 ____D () C:\Program Files (x86)\SupTab

==================== One Month Modified Files and Folders =======

2014-07-17 17:01 - 2014-07-17 17:00 - 00017266 _____ () C:\Users\Rico\Downloads\FRST.txt
2014-07-17 17:00 - 2014-07-17 17:00 - 00000000 ____D () C:\FRST
2014-07-17 16:59 - 2014-07-17 16:59 - 02086912 _____ (Farbar) C:\Users\Rico\Downloads\FRST64.exe
2014-07-17 16:58 - 2014-07-17 16:58 - 00000470 _____ () C:\Users\Rico\Downloads\defogger_disable.log
2014-07-17 16:58 - 2014-07-17 16:58 - 00000168 _____ () C:\Users\Rico\defogger_reenable
2014-07-17 16:58 - 2014-03-18 01:38 - 00000000 ____D () C:\Users\Rico
2014-07-17 16:57 - 2014-07-17 16:57 - 00050477 _____ () C:\Users\Rico\Downloads\Defogger.exe
2014-07-17 16:57 - 2014-07-17 16:57 - 00021312 _____ () C:\Users\Rico\Desktop\scanbericht.txt
2014-07-17 16:52 - 2009-07-14 06:45 - 00021680 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-07-17 16:52 - 2009-07-14 06:45 - 00021680 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-07-17 16:48 - 2014-07-17 16:48 - 00021312 _____ () C:\ComboFix.txt
2014-07-17 16:48 - 2014-07-17 16:30 - 00000000 ____D () C:\Qoobox
2014-07-17 16:48 - 2014-03-18 01:31 - 02062700 _____ () C:\Windows\WindowsUpdate.log
2014-07-17 16:48 - 2009-07-14 05:20 - 00000000 __RHD () C:\Users\Default
2014-07-17 16:47 - 2014-07-17 16:30 - 00000000 ____D () C:\Windows\erdnt
2014-07-17 16:44 - 2014-07-17 16:44 - 00000056 _____ () C:\Windows\setupact.log
2014-07-17 16:44 - 2014-07-17 16:44 - 00000000 _____ () C:\Windows\setuperr.log
2014-07-17 16:44 - 2014-07-17 16:18 - 00000944 _____ () C:\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job
2014-07-17 16:44 - 2014-03-22 15:35 - 00001102 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-07-17 16:44 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-07-17 16:44 - 2009-07-14 04:34 - 00000215 _____ () C:\Windows\system.ini
2014-07-17 16:43 - 2014-07-17 16:43 - 00006882 _____ () C:\Windows\PFRO.log
2014-07-17 16:43 - 2009-07-14 04:34 - 63963136 _____ () C:\Windows\system32\config\SOFTWARE.bak
2014-07-17 16:43 - 2009-07-14 04:34 - 14942208 _____ () C:\Windows\system32\config\SYSTEM.bak
2014-07-17 16:43 - 2009-07-14 04:34 - 00262144 _____ () C:\Windows\system32\config\SECURITY.bak
2014-07-17 16:43 - 2009-07-14 04:34 - 00262144 _____ () C:\Windows\system32\config\SAM.bak
2014-07-17 16:43 - 2009-07-14 04:34 - 00262144 _____ () C:\Windows\system32\config\DEFAULT.bak
2014-07-17 16:30 - 2014-07-11 16:37 - 01043188 _____ () C:\Users\Rico\AppData\Local\uucbbppw.gss
2014-07-17 16:30 - 2014-07-11 16:37 - 00184320 _____ () C:\Users\Rico\AppData\Local\uucbbppw.gdb
2014-07-17 16:28 - 2014-07-17 16:28 - 00003114 _____ () C:\Windows\System32\Tasks\{A5DB3CBF-5CD9-4D0C-A0CE-2315700566F5}
2014-07-17 16:27 - 2014-07-17 16:25 - 05221938 ____R (Swearware) C:\Users\Rico\Downloads\ComboFix.exe
2014-07-17 16:26 - 2014-07-17 16:26 - 00000000 ____D () C:\ProgramData\374311380
2014-07-17 16:26 - 2014-07-17 16:24 - 00000000 ____D () C:\ProgramData\TEMP
2014-07-17 16:25 - 2014-07-17 16:24 - 00003238 _____ () C:\Windows\System32\Tasks\Optimizer Pro Schedule
2014-07-17 16:24 - 2014-07-17 16:24 - 00000000 ____D () C:\Users\Rico\Documents\Optimizer Pro
2014-07-17 16:23 - 2014-07-17 16:18 - 00000948 _____ () C:\Windows\Tasks\globalUpdateUpdateTaskMachineUA.job
2014-07-17 16:22 - 2014-07-17 16:22 - 00002251 _____ () C:\Users\Rico\Desktop\Google Chrome.lnk
2014-07-17 16:22 - 2014-03-22 15:35 - 00000000 ____D () C:\Users\Rico\AppData\Local\Google
2014-07-17 16:18 - 2014-07-17 16:18 - 00003946 _____ () C:\Windows\System32\Tasks\globalUpdateUpdateTaskMachineUA
2014-07-17 16:18 - 2014-07-17 16:18 - 00003692 _____ () C:\Windows\System32\Tasks\globalUpdateUpdateTaskMachineCore
2014-07-17 16:18 - 2014-07-17 16:18 - 00000000 ____D () C:\Users\Rico\AppData\Local\globalUpdate
2014-07-17 16:18 - 2014-07-17 16:18 - 00000000 ____D () C:\Program Files (x86)\globalUpdate
2014-07-17 16:17 - 2014-07-17 16:17 - 00004198 _____ () C:\Windows\System32\Tasks\BrowserSafeguard Update Task
2014-07-17 16:17 - 2014-07-17 16:17 - 00003398 _____ () C:\Windows\System32\Tasks\BrowserSafeguard
2014-07-17 16:17 - 2014-07-17 16:17 - 00000000 ____D () C:\Program Files (x86)\Browsersafeguard
2014-07-17 16:15 - 2014-07-17 16:15 - 00240504 _____ (System Applet ) C:\Users\Rico\Downloads\setup.exe
2014-07-17 16:08 - 2014-03-22 15:35 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-07-17 16:05 - 2014-03-22 15:36 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-07-17 15:46 - 2014-03-18 13:11 - 00000000 ____D () C:\Users\Rico\AppData\Roaming\DAEMON Tools Lite
2014-07-17 15:45 - 2014-05-14 18:39 - 00000000 ____D () C:\Windows\Minidump
2014-07-17 15:45 - 2014-03-18 01:28 - 00000000 ____D () C:\Windows\Panther
2014-07-17 15:41 - 2014-07-17 15:41 - 00002770 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2014-07-17 15:41 - 2014-07-17 15:41 - 00000822 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-07-17 15:41 - 2014-07-17 15:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-07-17 15:41 - 2014-07-17 15:41 - 00000000 ____D () C:\Program Files\CCleaner
2014-07-17 15:40 - 2014-07-17 15:39 - 04812672 _____ (Piriform Ltd) C:\Users\Rico\Downloads\ccsetup415.exe
2014-07-17 15:24 - 2011-04-12 09:43 - 00654166 _____ () C:\Windows\system32\perfh007.dat
2014-07-17 15:24 - 2011-04-12 09:43 - 00130006 _____ () C:\Windows\system32\perfc007.dat
2014-07-17 15:24 - 2009-07-14 07:13 - 01498506 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-07-17 14:41 - 2014-07-17 14:41 - 00000687 _____ () C:\awh10A2.tmp
2014-07-17 14:41 - 2014-03-25 17:25 - 00000000 ____D () C:\Users\Rico\AppData\Roaming\Dropbox
2014-07-17 14:38 - 2014-03-25 17:27 - 00000000 ___RD () C:\Users\Rico\Dropbox
2014-07-17 14:38 - 2014-03-25 17:26 - 00000000 ____D () C:\Users\Rico\AppData\Roaming\DropboxMaster
2014-07-17 12:49 - 2014-07-17 12:49 - 00000687 _____ () C:\awhECE.tmp
2014-07-16 12:45 - 2014-07-16 12:45 - 00000687 _____ () C:\awhC9D.tmp
2014-07-15 10:15 - 2014-07-15 10:15 - 00000687 _____ () C:\awh878.tmp
2014-07-14 18:57 - 2014-07-14 15:57 - 00074626 _____ () C:\Users\Rico\Desktop\Projektphasen.pptx
2014-07-14 13:54 - 2014-07-14 13:54 - 00000687 _____ () C:\awh8A7.tmp
2014-07-10 20:48 - 2014-07-08 16:51 - 00000000 ____D () C:\Users\Rico\Desktop\Samson
2014-07-10 20:46 - 2014-07-06 20:10 - 00000000 ____D () C:\Users\Rico\Desktop\South Africa
2014-07-10 20:19 - 2014-07-10 20:19 - 00000687 _____ () C:\awh962.tmp
2014-07-10 19:15 - 2014-07-10 17:55 - 00000000 ____D () C:\Users\Rico\Desktop\Zeug für Bewerbung
2014-07-10 16:42 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2014-07-10 15:08 - 2014-03-22 15:35 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-07-10 15:08 - 2014-03-22 15:35 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-07-10 15:08 - 2014-03-22 15:35 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-07-10 14:52 - 2014-07-10 14:52 - 00000687 _____ () C:\awh1FA0.tmp
2014-07-09 11:46 - 2014-07-09 11:46 - 00002832 _____ () C:\Users\Rico\Downloads\Antwort_ 7_1 Schland.zip
2014-07-09 11:20 - 2014-07-09 11:20 - 00000687 _____ () C:\awh9829.tmp
2014-07-09 11:15 - 2009-07-14 06:45 - 00415656 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-07-09 11:14 - 2011-04-12 09:55 - 00000000 ____D () C:\Program Files\Windows Journal
2014-07-09 09:45 - 2014-03-18 13:15 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-07-09 09:44 - 2014-03-18 10:18 - 00000000 ____D () C:\Windows\system32\MRT
2014-07-09 09:42 - 2014-03-18 10:18 - 96441528 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-07-09 09:29 - 2014-07-09 09:29 - 00000687 _____ () C:\awh6F2.tmp
2014-07-07 19:39 - 2014-07-07 19:39 - 00000687 _____ () C:\awh34F4.tmp
2014-07-07 17:37 - 2009-07-14 04:34 - 00000478 _____ () C:\Windows\win.ini
2014-07-07 13:57 - 2014-07-07 13:57 - 00000687 _____ () C:\awh1D30.tmp
2014-07-07 11:59 - 2014-03-26 17:54 - 00000000 ____D () C:\Program Files (x86)\Microsoft OneDrive
2014-07-07 10:02 - 2014-07-07 10:02 - 00000687 _____ () C:\awhFD03.tmp
2014-07-07 09:08 - 2014-07-07 09:08 - 00000687 _____ () C:\awh1C27.tmp
2014-07-06 21:49 - 2014-07-06 21:48 - 21169658 _____ () C:\Users\Rico\Downloads\PDFverkleinern_flv.mp4
2014-07-06 21:43 - 2014-07-06 21:43 - 00009002 _____ () C:\Users\Rico\Documents\Application_Rico Wildner_South Africa.pdf.accreport.html
2014-07-06 20:58 - 2014-07-06 20:58 - 00000687 _____ () C:\awh5791.tmp
2014-07-06 20:57 - 2014-07-06 20:57 - 00000000 ____D () C:\Users\Rico\Desktop\PA MA-Bau
2014-07-06 19:53 - 2014-07-06 19:53 - 00014201 _____ () C:\Users\Rico\Downloads\AW_ letter of motivation.zip
2014-07-06 18:33 - 2014-07-06 18:33 - 00000687 _____ () C:\awh981.tmp
2014-07-06 18:29 - 2014-06-18 10:51 - 00000000 ____D () C:\ProgramData\IePluginServices
2014-07-06 18:15 - 2014-07-06 18:15 - 00000000 ____D () C:\Users\Default\AppData\Local\Microsoft Help
2014-07-06 18:15 - 2014-07-06 18:15 - 00000000 ____D () C:\Users\Default User\AppData\Local\Microsoft Help
2014-07-06 11:59 - 2014-07-06 11:59 - 00000000 ____D () C:\Program Files\Adblock Plus for IE
2014-07-06 11:59 - 2014-03-18 09:52 - 00000000 ____D () C:\ProgramData\Package Cache
2014-07-06 11:35 - 2014-07-06 11:35 - 00000687 _____ () C:\awh20D8.tmp
2014-07-05 15:08 - 2014-07-05 15:02 - 00000000 ____D () C:\Users\Rico\Documents\Wohnung
2014-07-05 12:43 - 2014-07-05 12:43 - 00002117 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2014-07-05 12:43 - 2014-07-05 12:43 - 00001912 _____ () C:\Windows\epplauncher.mif
2014-07-05 12:43 - 2014-07-05 12:43 - 00000000 ____D () C:\Program Files\Microsoft Security Client
2014-07-05 12:43 - 2014-07-05 12:43 - 00000000 ____D () C:\Program Files (x86)\Microsoft Security Client
2014-07-03 08:51 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-07-02 22:08 - 2014-06-08 13:14 - 00000000 ____D () C:\Users\Rico\Documents\Projektarbeit MB
2014-07-02 17:27 - 2014-07-02 17:27 - 00003164 _____ () C:\Windows\System32\Tasks\{1F6C3454-9EA5-4C60-9934-47B8882F17C4}
2014-07-02 17:23 - 2014-05-16 10:40 - 00000000 ____D () C:\Program Files (x86)\TERA
2014-07-02 14:21 - 2014-07-02 14:21 - 00000687 _____ () C:\awhEC9F.tmp
2014-07-01 22:28 - 2014-06-18 10:51 - 00000000 ____D () C:\Users\Rico\AppData\Local\Genesis_06180851
2014-07-01 13:38 - 2014-07-01 13:38 - 00000687 _____ () C:\awhE7EE.tmp
2014-06-30 20:56 - 2014-06-30 20:56 - 00009470 _____ () C:\Users\Rico\Desktop\Mietaufstellung.xlsx
2014-06-30 18:01 - 2014-06-30 18:01 - 00000687 _____ () C:\awhEAAC.tmp
2014-06-30 08:43 - 2014-06-30 08:43 - 00000687 _____ () C:\awhEEA2.tmp
2014-06-30 08:42 - 2014-06-18 10:52 - 00000000 ____D () C:\Program Files\002
2014-06-30 06:48 - 2014-06-30 06:48 - 00000687 _____ () C:\awhE8E7.tmp
2014-06-29 20:06 - 2014-06-29 20:06 - 00000687 _____ () C:\awhEC60.tmp
2014-06-29 16:34 - 2014-06-29 16:34 - 00000687 _____ () C:\awhEC51.tmp
2014-06-29 09:00 - 2014-06-29 09:00 - 00010116 _____ () C:\Users\Rico\Documents\Uninstall STAR WARS The Old Republic.log
2014-06-29 09:00 - 2009-07-14 07:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-06-29 08:17 - 2014-06-29 08:17 - 00000687 _____ () C:\awhE407.tmp
2014-06-27 12:05 - 2014-06-27 12:05 - 00000687 _____ () C:\awh28F.tmp
2014-06-26 12:07 - 2014-06-26 12:06 - 00029732 _____ () C:\Program.RPT
2014-06-26 09:02 - 2014-06-26 09:02 - 00000687 _____ () C:\awhE9C2.tmp
2014-06-25 23:04 - 2014-06-25 23:04 - 00011009 _____ () C:\Users\Rico\Desktop\urlaub.xlsx
2014-06-25 09:48 - 2014-06-25 09:48 - 00000687 _____ () C:\awhF23A.tmp
2014-06-24 15:52 - 2014-06-24 15:52 - 00000687 _____ () C:\awhF0E3.tmp
2014-06-24 07:57 - 2014-06-24 07:57 - 00000687 _____ () C:\awhF1CD.tmp
2014-06-23 09:23 - 2014-06-23 09:23 - 00000687 _____ () C:\awh2D46.tmp
2014-06-22 08:54 - 2014-06-22 08:54 - 00000687 _____ () C:\awhEACB.tmp
2014-06-22 02:09 - 2014-06-22 02:09 - 00000687 _____ () C:\awhF0B4.tmp
2014-06-21 15:29 - 2014-06-21 15:29 - 00000687 _____ () C:\awh1756.tmp
2014-06-20 22:35 - 2014-06-20 22:35 - 00000687 _____ () C:\awh7FB.tmp
2014-06-20 22:14 - 2014-07-09 09:37 - 00266424 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-06-20 21:39 - 2014-07-09 09:37 - 00240824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-06-20 11:49 - 2014-06-20 11:49 - 00000687 _____ () C:\awh20F7.tmp
2014-06-20 11:40 - 2014-06-20 11:40 - 00013356 _____ () C:\Program1.RPT
2014-06-20 08:43 - 2014-06-20 08:43 - 00000687 _____ () C:\awhAAA.tmp
2014-06-19 14:10 - 2014-06-19 14:10 - 00000687 _____ () C:\awhFC48.tmp
2014-06-19 09:43 - 2014-06-19 09:43 - 00000687 _____ () C:\awh1286.tmp
2014-06-19 09:41 - 2014-06-19 09:41 - 00000000 ____D () C:\Program Files (x86)\JoWood
2014-06-19 09:20 - 2014-06-19 09:14 - 00000000 ____D () C:\Program Files (x86)\System
2014-06-19 09:12 - 2014-06-19 09:12 - 00000687 _____ () C:\awh14E6.tmp
2014-06-19 09:02 - 2014-06-19 09:02 - 00003122 _____ () C:\Windows\System32\Tasks\{AE5FA679-FE10-4403-8E7D-392B1E842DF5}
2014-06-19 08:49 - 2014-06-19 08:49 - 00000687 _____ () C:\awh1045.tmp
2014-06-19 03:39 - 2014-07-09 09:36 - 23464448 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-06-19 03:06 - 2014-07-09 09:37 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-06-19 03:06 - 2014-07-09 09:37 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-06-19 02:48 - 2014-07-09 09:37 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-06-19 02:42 - 2014-07-09 09:37 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-06-19 02:42 - 2014-07-09 09:37 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-06-19 02:41 - 2014-07-09 09:37 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-06-19 02:41 - 2014-07-09 09:37 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-06-19 02:32 - 2014-07-09 09:37 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-06-19 02:31 - 2014-07-09 09:37 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-06-19 02:26 - 2014-07-09 09:37 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-06-19 02:24 - 2014-07-09 09:37 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-06-19 02:24 - 2014-07-09 09:37 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-06-19 02:23 - 2014-07-09 09:37 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-06-19 02:16 - 2014-07-09 09:37 - 17276416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-06-19 02:14 - 2014-07-09 09:36 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-06-19 02:09 - 2014-07-09 09:37 - 00452608 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-06-19 01:59 - 2014-07-09 09:37 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-06-19 01:56 - 2014-07-09 09:37 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-06-19 01:53 - 2014-07-09 09:37 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-06-19 01:51 - 2014-07-09 09:37 - 05721088 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-06-19 01:50 - 2014-07-09 09:37 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-06-19 01:48 - 2014-07-09 09:37 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-06-19 01:39 - 2014-07-09 09:37 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-06-19 01:38 - 2014-07-09 09:37 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-06-19 01:37 - 2014-07-09 09:37 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-06-19 01:36 - 2014-07-09 09:37 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-06-19 01:35 - 2014-07-09 09:37 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-06-19 01:33 - 2014-07-09 09:37 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-06-19 01:32 - 2014-07-09 09:37 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-06-19 01:28 - 2014-07-09 09:37 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-06-19 01:28 - 2014-07-09 09:37 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-06-19 01:27 - 2014-07-09 09:37 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-06-19 01:27 - 2014-07-09 09:37 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-06-19 01:25 - 2014-07-09 09:37 - 00442368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-06-19 01:23 - 2014-07-09 09:37 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-06-19 01:22 - 2014-07-09 09:37 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-06-19 01:12 - 2014-07-09 09:37 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-06-19 01:06 - 2014-07-09 09:37 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-06-19 01:01 - 2014-07-09 09:37 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-06-19 00:59 - 2014-07-09 09:37 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-06-19 00:58 - 2014-07-09 09:37 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-06-19 00:58 - 2014-07-09 09:37 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-06-19 00:52 - 2014-07-09 09:37 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-06-19 00:51 - 2014-07-09 09:37 - 13527040 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-06-19 00:49 - 2014-07-09 09:37 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-06-19 00:46 - 2014-07-09 09:37 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-06-19 00:45 - 2014-07-09 09:37 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-06-19 00:35 - 2014-07-09 09:37 - 11742208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-06-19 00:34 - 2014-07-09 09:37 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-06-19 00:15 - 2014-07-09 09:37 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-06-19 00:13 - 2014-07-09 09:37 - 01791488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-06-19 00:09 - 2014-07-09 09:37 - 01139200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-06-19 00:07 - 2014-07-09 09:37 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-06-18 20:32 - 2014-06-18 20:32 - 00000000 ____D () C:\Program Files (x86)\predm
2014-06-18 20:28 - 2014-06-18 20:28 - 00000000 ____D () C:\Windows\system32\appmgmt
2014-06-18 20:26 - 2014-06-18 10:54 - 00000000 ____D () C:\Program Files\RrFilter
2014-06-18 20:22 - 2014-06-18 20:22 - 00002988 _____ () C:\Windows\System32\Tasks\{7636DEA2-C3A4-41C6-AF19-19915C43506E}
2014-06-18 20:19 - 2014-06-18 20:19 - 00000687 _____ () C:\awhF2D6.tmp
2014-06-18 20:17 - 2014-06-18 20:17 - 00008192 _____ () C:\Windows\d3dx.dat
2014-06-18 20:15 - 2014-06-18 20:15 - 00002988 _____ () C:\Windows\System32\Tasks\{98C19DD3-808B-429F-BE86-25D4C401916B}
2014-06-18 20:13 - 2014-06-18 20:13 - 00002988 _____ () C:\Windows\System32\Tasks\{35941D3F-3C68-4C2E-9DBB-A51517EE3822}
2014-06-18 20:09 - 2014-06-18 20:09 - 00000687 _____ () C:\awhE42.tmp
2014-06-18 11:28 - 2014-04-03 16:09 - 00000000 ____D () C:\Users\Rico\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2014-06-18 11:28 - 2014-03-18 01:38 - 00000000 ____D () C:\Users\Rico\AppData\Local\VirtualStore
2014-06-18 11:26 - 2014-06-14 17:16 - 00000000 ____D () C:\Users\Rico\AppData\Local\Adobe
2014-06-18 10:55 - 2014-06-18 10:55 - 00000687 _____ () C:\awhEE18.tmp
2014-06-18 10:55 - 2014-06-18 10:53 - 00000000 ____D () C:\temp
2014-06-18 10:54 - 2014-06-18 10:54 - 00000000 ____D () C:\Users\Rico\AppData\Local\freeSOFTtoday
2014-06-18 10:53 - 2014-06-18 10:53 - 00000000 ____D () C:\ProgramData\Registry Helper
2014-06-18 10:52 - 2014-06-18 10:52 - 00000000 ____D () C:\Users\Rico\AppData\Roaming\InetStat
2014-06-18 10:51 - 2014-06-18 10:51 - 00000000 ____D () C:\Users\Rico\AppData\Roaming\SupTab
2014-06-18 10:51 - 2014-06-18 10:51 - 00000000 ____D () C:\ProgramData\WindowsProtectManger
2014-06-18 10:51 - 2014-06-18 10:51 - 00000000 ____D () C:\Program Files (x86)\SupTab
2014-06-18 10:51 - 2014-03-18 13:20 - 00000000 _____ () C:\END
2014-06-18 10:50 - 2014-03-18 01:40 - 00001657 _____ () C:\Users\Rico\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-06-18 04:18 - 2014-07-09 09:37 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\osk.exe
2014-06-18 03:51 - 2014-07-09 09:37 - 00646144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\osk.exe
2014-06-18 03:10 - 2014-07-09 09:37 - 03157504 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-06-17 18:00 - 2014-03-22 15:36 - 00004102 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-06-17 17:59 - 2014-03-22 15:35 - 00003850 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-07-08 03:16

==================== End Of Log ============================
Addition:
Zitat:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15-07-2014 01
Ran by Rico at 2014-07-17 17:01:25
Running from C:\Users\Rico\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Microsoft Security Essentials (Disabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Microsoft Security Essentials (Disabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}

==================== Installed Programs ======================

Adblock Plus for IE (32-bit and 64-bit) (HKLM\...\{C23EE7CE-C1A3-4F94-A8F0-9E0AC9C6DE6E}) (Version: 1.1 - Eyeo GmbH)
Adblock Plus for IE (HKLM-x32\...\{fd97d1e2-368a-4cd9-af63-8eeff938044a}) (Version: 1.1 - )
Adobe Acrobat XI Pro (HKLM-x32\...\{AC76BA86-1033-FFFF-7760-000000000006}) (Version: 11.0.07 - Adobe Systems)
Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated)
AMD Accelerated Video Transcoding (Version: 12.5.100.21116 - Advanced Micro Devices, Inc.) Hidden
AMD APP SDK Runtime (Version: 10.0.937.2 - Advanced Micro Devices Inc.) Hidden
AMD Catalyst Install Manager (HKLM\...\{A70B905D-2E57-66A0-3BFE-66B8E71E0C70}) (Version: 8.0.877.0 - Advanced Micro Devices, Inc.)
AMD Drag and Drop Transcoding (Version: 2.00.0000 - Advanced Micro Devices, Inc.) Hidden
AMD Media Foundation Decoders (Version: 1.0.71116.1554 - Advanced Micro Devices, Inc.) Hidden
ASUS Ai Charger (HKLM-x32\...\{7FB64E72-9B0E-4460-A821-040C341E414A}) (Version: 1.03.00 - ASUSTeK Computer Inc.)
BrowserSafeguard with RocketTab (HKLM-x32\...\BrowserSafeguard) (Version: - BrowserSafeguard with RocketTab) <==== ATTENTION
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center (x32 Version: 2012.1116.1515.27190 - Ihr Firmenname) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2012.1116.1515.27190 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2012.1116.1515.27190 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2012.1116.1515.27190 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Standard (x32 Version: 2012.1116.1514.27190 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Traditional (x32 Version: 2012.1116.1514.27190 - Advanced Micro Devices, Inc.) Hidden
CCC Help Czech (x32 Version: 2012.1116.1514.27190 - Advanced Micro Devices, Inc.) Hidden
CCC Help Danish (x32 Version: 2012.1116.1514.27190 - Advanced Micro Devices, Inc.) Hidden
CCC Help Dutch (x32 Version: 2012.1116.1514.27190 - Advanced Micro Devices, Inc.) Hidden
CCC Help English (x32 Version: 2012.1116.1514.27190 - Advanced Micro Devices, Inc.) Hidden
CCC Help Finnish (x32 Version: 2012.1116.1514.27190 - Advanced Micro Devices, Inc.) Hidden
CCC Help French (x32 Version: 2012.1116.1514.27190 - Advanced Micro Devices, Inc.) Hidden
CCC Help German (x32 Version: 2012.1116.1514.27190 - Advanced Micro Devices, Inc.) Hidden
CCC Help Greek (x32 Version: 2012.1116.1514.27190 - Advanced Micro Devices, Inc.) Hidden
CCC Help Hungarian (x32 Version: 2012.1116.1514.27190 - Advanced Micro Devices, Inc.) Hidden
CCC Help Italian (x32 Version: 2012.1116.1514.27190 - Advanced Micro Devices, Inc.) Hidden
CCC Help Japanese (x32 Version: 2012.1116.1514.27190 - Advanced Micro Devices, Inc.) Hidden
CCC Help Korean (x32 Version: 2012.1116.1514.27190 - Advanced Micro Devices, Inc.) Hidden
CCC Help Norwegian (x32 Version: 2012.1116.1514.27190 - Advanced Micro Devices, Inc.) Hidden
CCC Help Polish (x32 Version: 2012.1116.1514.27190 - Advanced Micro Devices, Inc.) Hidden
CCC Help Portuguese (x32 Version: 2012.1116.1514.27190 - Advanced Micro Devices, Inc.) Hidden
CCC Help Russian (x32 Version: 2012.1116.1514.27190 - Advanced Micro Devices, Inc.) Hidden
CCC Help Spanish (x32 Version: 2012.1116.1514.27190 - Advanced Micro Devices, Inc.) Hidden
CCC Help Swedish (x32 Version: 2012.1116.1514.27190 - Advanced Micro Devices, Inc.) Hidden
CCC Help Thai (x32 Version: 2012.1116.1514.27190 - Advanced Micro Devices, Inc.) Hidden
CCC Help Turkish (x32 Version: 2012.1116.1514.27190 - Advanced Micro Devices, Inc.) Hidden
ccc-utility64 (Version: 2012.1116.1515.27190 - Advanced Micro Devices, Inc.) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.15 - Piriform)
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.49.1.0356 - Disc Soft Ltd)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{5C78021E-3C8E-4EDF-97EA-E9B8D808FD6D}) (Version: - Microsoft)
Dropbox (HKCU\...\Dropbox) (Version: 2.8.2 - Dropbox, Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 35.0.1916.153 - Google Inc.)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
Java 8 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418000FF}) (Version: 8.0.0 - Oracle Corporation)
Java Auto Updater (x32 Version: 2.8.00.132 - Oracle, Inc.) Hidden
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile DEU Language Pack (HKLM\...\Microsoft .NET Framework 4 Client Profile DEU Language Pack) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Office Access MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Security Client (Version: 4.5.0216.0 - Microsoft Corporation) Hidden
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.5.216.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Network System Driver (HKLM-x32\...\inethnfd) (Version: 1.0.0.3001 - ) <==== ATTENTION
Opera Stable 22.0.1471.50 (HKLM-x32\...\Opera 22.0.1471.50) (Version: 22.0.1471.50 - Opera Software ASA)
QuickTime (HKLM-x32\...\QuickTime) (Version: - )
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (x32 Version: - Microsoft) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.0.1.0 - Synaptics Incorporated)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2836939v3) (Version: 3 - Microsoft Corporation)
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{B4A38370-2ADB-46B0-A1B0-0C4A2F7DCA31}) (Version: - Microsoft)
Update for Microsoft Excel 2010 (KB2837600) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{4ACD847E-547D-493F-9A86-F73EAE1B5174}) (Version: - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version: - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version: - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{4EEA3D3E-989C-4DF4-AB0A-3042C0C12AA3}) (Version: - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817396) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{39767ECA-1731-45DB-AB5B-6BF40E151D66}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DADF7E25-FFA4-4D02-BE84-1DAE62C18516}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{287A1E92-9E41-4BC1-8920-B3D0E9220800}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{9D69691D-823D-4C3E-9B12-563A3F520366}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{5AA578BB-759C-40FD-9661-A737C0884541}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2825635) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{F1A20C69-9FE5-40FD-9CD5-84EABC2EF64A}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{BA610006-2C39-4419-9834-CF61AB24810A}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2837581) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{334FB202-28D7-4BA4-8BC9-4FE4AB233EA0}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2837606) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{B0D672F7-883E-4279-8E75-D97A5445AB46}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2878252) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{B0DB9F71-E0F7-4FE6-8925-35B860CAC0C4}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2881028) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0407-0000-0000000FF1CE}_Office14.PROPLUS_{EAD7BEF9-B28C-425F-B2C5-538CB27EF013}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2881028) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUS_{C0BDC1DE-C35E-422B-8CBD-C1D555468720}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2881028) 32-Bit Edition (HKLM-x32\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUS_{089DBFD7-8211-43B2-AAAE-5BDD8C23E3A8}) (Version: - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version: - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version: - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{2AB483F1-C86E-427A-83B4-23889B03512D}) (Version: - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-001A-0407-0000-0000000FF1CE}_Office14.PROPLUS_{A0657506-69DC-44AE-8DC1-58E7C6F5B1C9}) (Version: - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{2BA40F82-F3A4-441C-BF1A-ED4C42FF4872}) (Version: - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{90140000-0018-0407-0000-0000000FF1CE}_Office14.PROPLUS_{40EC8FB1-5202-469D-9232-C28FB1C6FC64}) (Version: - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version: - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version: - Microsoft)
Update for Microsoft Visio 2010 (KB2880526) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{7B29D8B8-6A87-496C-A65E-B935E740448A}) (Version: - Microsoft)
Update for Microsoft Visio Viewer 2010 (KB2837587) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{38CF30E4-3348-4BD1-A859-B630C355A56F}) (Version: - Microsoft)
Update for Microsoft Word 2010 (KB2880529) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{B9B89E01-5B6B-4F73-BC34-B2C0D8ACB4CD}) (Version: - Microsoft)
webssearches uninstaller (HKLM-x32\...\webssearches uninstaller) (Version: - webssearches) <==== ATTENTION
WindowsProtectManger20.0.0.401 (HKLM-x32\...\WindowsProtectManger) (Version: 20.0.0.401 - Fuyu LIMITED) <==== ATTENTION
WinRAR 5.01 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)

==================== Restore Points =========================

05-07-2014 10:37:38 Windows Update
06-07-2014 09:59:18 Adblock Plus for IE
06-07-2014 16:09:05 Windows Update
07-07-2014 15:34:08 Windows Update
09-07-2014 07:40:07 Windows Update
14-07-2014 09:00:47 Windows Update
17-07-2014 10:56:26 Windows Update

==================== Hosts content: ==========================

2009-07-14 04:34 - 2014-07-17 16:44 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {0432A37F-0121-4CDA-A7AB-92087229538F} - System32\Tasks\{35941D3F-3C68-4C2E-9DBB-A51517EE3822} => C:\Program Files (x86)\JoWood\Gothic II Gold\System\Gothic2.exe
Task: {4AB0825C-46BD-4244-9C5A-C58AB83F0480} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-03-22] (Google Inc.)
Task: {60F83189-FC41-415D-B976-2A7D9956C90F} - System32\Tasks\Optimizer Pro Schedule => C:\Program Files (x86)\Optimizer Pro\OptProLauncher.exe <==== ATTENTION
Task: {7DB7343F-9E01-4274-BDF1-4FAF0CA2BFBB} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-03-22] (Google Inc.)
Task: {7E98A268-F9BD-496B-B76F-A91CE3856684} - System32\Tasks\Opera scheduled Autoupdate 1395129556 => C:\Program Files (x86)\Opera\launcher.exe [2014-05-27] (Opera Software)
Task: {80C0F581-AA2E-47AB-B4F7-21D4040256B2} - System32\Tasks\globalUpdateUpdateTaskMachineUA => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe [2014-07-17] (globalUpdate) <==== ATTENTION
Task: {8D2BA4C8-4D22-4D16-B37A-9E36E97FA5B4} - System32\Tasks\BrowserSafeguard Update Task => C:\Program Files (x86)\Browsersafeguard\uninstall.BrowserSafeguard.exe [2014-07-17] () <==== ATTENTION
Task: {9F321AD3-0717-4170-AC4E-F3E6FA3BDBA2} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-07-10] (Adobe Systems Incorporated)
Task: {A1C74073-1F61-4765-8E06-51BC3F3514FA} - System32\Tasks\BrowserSafeguard => C:\Windows\system32\cmd.exe [2010-11-21] (Microsoft Corporation)
Task: {C46E7DB8-4413-4620-90D7-F4B52A951037} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-06-24] (Piriform Ltd)
Task: {D7C71E4B-D0FA-46DE-B603-2C2E4941AE7B} - System32\Tasks\{7636DEA2-C3A4-41C6-AF19-19915C43506E} => C:\Program Files (x86)\JoWood\Gothic II Gold\System\Gothic2.exe
Task: {E2DF983C-20E2-48B9-AE2B-05DD39BF5A23} - System32\Tasks\globalUpdateUpdateTaskMachineCore => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe [2014-07-17] (globalUpdate) <==== ATTENTION
Task: {F8FC81A1-63D2-48FA-A5AA-2FA4AE7C4FA7} - System32\Tasks\{98C19DD3-808B-429F-BE86-25D4C401916B} => C:\Program Files (x86)\JoWood\Gothic II Gold\System\Gothic2.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe <==== ATTENTION
Task: C:\Windows\Tasks\globalUpdateUpdateTaskMachineUA.job => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe <==== ATTENTION
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2014-07-17 16:17 - 2014-07-17 16:17 - 00926720 _____ () C:\Program Files (x86)\Browsersafeguard\BrowserSafeguard.exe
2013-09-05 00:17 - 2013-09-05 00:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2014-06-03 15:43 - 2014-06-03 15:41 - 01396344 _____ () C:\Program Files (x86)\Opera\22.0.1471.50\opera_crashreporter.exe
2013-09-05 00:14 - 2013-09-05 00:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2014-06-03 15:43 - 2014-06-03 15:41 - 00877176 _____ () C:\Program Files (x86)\Opera\22.0.1471.50\libglesv2.dll
2014-06-03 15:43 - 2014-06-03 15:41 - 00135800 _____ () C:\Program Files (x86)\Opera\22.0.1471.50\libegl.dll
2014-06-03 15:43 - 2014-06-03 15:41 - 00957048 _____ () C:\Program Files (x86)\Opera\22.0.1471.50\ffmpegsumo.dll
2014-07-10 15:08 - 2014-07-10 15:08 - 17029808 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\ProgramData\TEMP:373E1720

==================== Safe Mode (whitelisted) ===================


==================== EXE Association (whitelisted) =============


==================== MSCONFIG/TASK MANAGER disabled items =========


==================== Faulty Device Manager Devices =============

Name: Basissystemgerät
Description: Basissystemgerät
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft-Teredo-Tunneling-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (07/17/2014 04:45:41 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: pev.3XE, Version: 0.0.0.0, Zeitstempel: 0x4e06cfe8
Name des fehlerhaften Moduls: SHLWAPI.dll_unloaded, Version: 0.0.0.0, Zeitstempel: 0x4ce7b9e2
Ausnahmecode: 0xc0000005
Fehleroffset: 0x7563f69b
ID des fehlerhaften Prozesses: 0x7bc
Startzeit der fehlerhaften Anwendung: 0xpev.3XE0
Pfad der fehlerhaften Anwendung: pev.3XE1
Pfad des fehlerhaften Moduls: pev.3XE2
Berichtskennung: pev.3XE3

Error: (07/17/2014 04:45:40 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/17/2014 04:44:55 PM) (Source: Windows Search Service) (EventID: 7010) (User: )
Description: Der Index kann nicht initialisiert werden.


Details:
Der Inhaltsindexkatalog ist fehlerhaft. (HRESULT : 0xc0041801) (0xc0041801)

Error: (07/17/2014 04:44:55 PM) (Source: Windows Search Service) (EventID: 3058) (User: )
Description: Die Anwendung kann nicht initialisiert werden.

Kontext: Windows Anwendung


Details:
Der Inhaltsindexkatalog ist fehlerhaft. (HRESULT : 0xc0041801) (0xc0041801)

Error: (07/17/2014 04:44:55 PM) (Source: Windows Search Service) (EventID: 3028) (User: )
Description: Das Gatherer-Objekt kann nicht initialisiert werden.

Kontext: Windows Anwendung, SystemIndex Katalog


Details:
Der Inhaltsindexkatalog ist fehlerhaft. (HRESULT : 0xc0041801) (0xc0041801)

Error: (07/17/2014 04:44:55 PM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: Plug-In in <Search.TripoliIndexer> kann nicht initialisiert werden.

Kontext: Windows Anwendung, SystemIndex Katalog


Details:
Element nicht gefunden. (HRESULT : 0x80070490) (0x80070490)

Error: (07/17/2014 04:44:54 PM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: Plug-In in <Search.JetPropStore> kann nicht initialisiert werden.

Kontext: Windows Anwendung, SystemIndex Katalog


Details:
Der Inhaltsindexkatalog ist fehlerhaft. (HRESULT : 0xc0041801) (0xc0041801)

Error: (07/17/2014 04:44:54 PM) (Source: Windows Search Service) (EventID: 9002) (User: )
Description: Die Eigenschaftenspeicherdaten können von Windows Search nicht geladen werden.

Kontext: Windows Anwendung, SystemIndex Katalog


Details:
Die Inhaltsindexdatenbank ist fehlerhaft. (HRESULT : 0xc0041800) (0xc0041800)

Error: (07/17/2014 04:44:54 PM) (Source: Windows Search Service) (EventID: 7042) (User: )
Description: Windows Search wird aufgrund eines Problems bei der Indizierung The catalog is corrupt beendet.


Details:
Der Inhaltsindexkatalog ist fehlerhaft. (HRESULT : 0xc0041801) (0xc0041801)

Error: (07/17/2014 04:44:54 PM) (Source: Windows Search Service) (EventID: 7040) (User: )
Description: Vom Suchdienst wurden beschädigte Datendateien im Index {id=4700} erkannt. Vom Dienst wird versucht, dieses Problem durch Neuerstellung des Indexes automatisch zu beheben.


Details:
Der Inhaltsindexkatalog ist fehlerhaft. (HRESULT : 0xc0041801) (0xc0041801)


System errors:
=============
Error: (07/17/2014 04:49:35 PM) (Source: Schannel) (EventID: 4108) (User: Rico-PC)
Description: Das vom Remoteserver erhaltene Zertifikat wurde falsch verifiziert. Fehlercode: 0x80092012. Fehler bei der SSL-Zertifikatanforderung. Die angefügten Daten enthalten das Serverzertifikat.

Error: (07/17/2014 04:49:35 PM) (Source: Schannel) (EventID: 4120) (User: Rico-PC)
Description: Es wurde eine schwerwiegende Warnung generiert: 43. Der interne Fehlerstatus lautet: 552.

Error: (07/17/2014 04:49:32 PM) (Source: Schannel) (EventID: 4108) (User: Rico-PC)
Description: Das vom Remoteserver erhaltene Zertifikat wurde falsch verifiziert. Fehlercode: 0x80092012. Fehler bei der SSL-Zertifikatanforderung. Die angefügten Daten enthalten das Serverzertifikat.

Error: (07/17/2014 04:49:32 PM) (Source: Schannel) (EventID: 4120) (User: Rico-PC)
Description: Es wurde eine schwerwiegende Warnung generiert: 43. Der interne Fehlerstatus lautet: 552.

Error: (07/17/2014 04:49:28 PM) (Source: Schannel) (EventID: 4108) (User: Rico-PC)
Description: Das vom Remoteserver erhaltene Zertifikat wurde falsch verifiziert. Fehlercode: 0x80092012. Fehler bei der SSL-Zertifikatanforderung. Die angefügten Daten enthalten das Serverzertifikat.

Error: (07/17/2014 04:49:28 PM) (Source: Schannel) (EventID: 4120) (User: Rico-PC)
Description: Es wurde eine schwerwiegende Warnung generiert: 43. Der interne Fehlerstatus lautet: 552.

Error: (07/17/2014 04:46:17 PM) (Source: bowser) (EventID: 8003) (User: )
Description: Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "EASYBOX",
der der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{458FA1E6-F266-4F7A-B005-345EC391D1F7}-Transport zu sein scheint.
Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen.

Error: (07/17/2014 04:44:55 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (07/17/2014 04:44:55 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: Der Dienst "Windows Search" wurde mit folgendem dienstspezifischem Fehler beendet: %%-1073473535.

Error: (07/17/2014 04:42:54 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren.


Microsoft Office Sessions:
=========================
Error: (07/17/2014 04:45:41 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: pev.3XE0.0.0.04e06cfe8SHLWAPI.dll_unloaded0.0.0.04ce7b9e2c00000057563f69b7bc01cfa1cdc6d8cbe7C:\ComboFix\pev.3XESHLWAPI.dll05ecc691-0dc1-11e4-9c08-002433d45d01

Error: (07/17/2014 04:45:40 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/17/2014 04:44:55 PM) (Source: Windows Search Service) (EventID: 7010) (User: )
Description:
Details:
Der Inhaltsindexkatalog ist fehlerhaft. (HRESULT : 0xc0041801) (0xc0041801)

Error: (07/17/2014 04:44:55 PM) (Source: Windows Search Service) (EventID: 3058) (User: )
Description: Kontext: Windows Anwendung


Details:
Der Inhaltsindexkatalog ist fehlerhaft. (HRESULT : 0xc0041801) (0xc0041801)

Error: (07/17/2014 04:44:55 PM) (Source: Windows Search Service) (EventID: 3028) (User: )
Description: Kontext: Windows Anwendung, SystemIndex Katalog


Details:
Der Inhaltsindexkatalog ist fehlerhaft. (HRESULT : 0xc0041801) (0xc0041801)

Error: (07/17/2014 04:44:55 PM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: Kontext: Windows Anwendung, SystemIndex Katalog


Details:
Element nicht gefunden. (HRESULT : 0x80070490) (0x80070490)
Search.TripoliIndexer

Error: (07/17/2014 04:44:54 PM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: Kontext: Windows Anwendung, SystemIndex Katalog


Details:
Der Inhaltsindexkatalog ist fehlerhaft. (HRESULT : 0xc0041801) (0xc0041801)
Search.JetPropStore

Error: (07/17/2014 04:44:54 PM) (Source: Windows Search Service) (EventID: 9002) (User: )
Description: Kontext: Windows Anwendung, SystemIndex Katalog


Details:
Die Inhaltsindexdatenbank ist fehlerhaft. (HRESULT : 0xc0041800) (0xc0041800)

Error: (07/17/2014 04:44:54 PM) (Source: Windows Search Service) (EventID: 7042) (User: )
Description:
Details:
Der Inhaltsindexkatalog ist fehlerhaft. (HRESULT : 0xc0041801) (0xc0041801)
The catalog is corrupt

Error: (07/17/2014 04:44:54 PM) (Source: Windows Search Service) (EventID: 7040) (User: )
Description:
Details:
Der Inhaltsindexkatalog ist fehlerhaft. (HRESULT : 0xc0041801) (0xc0041801)
4700


CodeIntegrity Errors:
===================================
Date: 2014-07-17 16:42:03.054
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

Date: 2014-07-17 16:42:03.014
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.


==================== Memory info ===========================

Percentage of memory in use: 44%
Total physical RAM: 4063.03 MB
Available physical RAM: 2244.4 MB
Total Pagefile: 8124.23 MB
Available Pagefile: 5752.89 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:287.9 GB) (Free:240.96 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive g: (SAMSUNG) (Fixed) (Total:465.76 GB) (Free:130.85 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298 GB) (Disk ID: D3943124)
Partition 1: (Not Active) - (Size=10 GB) - (Type=27)
Partition 2: (Active) - (Size=288 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 466 GB) (Disk ID: 7EE32411)
Partition 1: (Not Active) - (Size=466 GB) - (Type=07 NTFS)

==================== End Of Log ============================
GMER:
Zitat:
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2014-07-17 17:11:06
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 WDC_WD3200BEVS-26VAT0 rev.11.01A11 298,09GB
Running: Gmer-19357.exe; Driver: C:\Users\Rico\AppData\Local\Temp\kxldrpog.sys


---- User code sections - GMER 2.1 ----

.text C:\ProgramData\IePluginServices\PluginService.exe[1416] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075ec1465 2 bytes [EC, 75]
.text C:\ProgramData\IePluginServices\PluginService.exe[1416] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075ec14bb 2 bytes [EC, 75]
.text ... * 2

---- Registry - GMER 2.1 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\002433d45d01
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\002433d45d01 (not active ControlSet)

---- EOF - GMER 2.1 ----
Vor eurer Anleitung habe ich mit CCleaner alles bereinigt und mit Combofix folgendes aufgenommen:

Zitat:
ComboFix 14-07-17.03 - Rico 17.07.2014 16:33:38.1.2 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.49.1031.18.4063.2610 [GMT 2:00]
ausgeführt von:: c:\users\Rico\Downloads\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Rico\AppData\Local\uucbbppw.exe
.
.
((((((((((((((((((((((((((((((((((((((( Treiber/Dienste )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_NETHFDRV
-------\Service_globalUpdate
-------\Service_nethfdrv
-------\Service_NetHttpService
-------\Service_ServiceUpdater
.
.
((((((((((((((((((((((( Dateien erstellt von 2014-06-17 bis 2014-07-17 ))))))))))))))))))))))))))))))
.
.
2014-07-17 14:42 . 2014-07-17 14:42 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-07-17 14:26 . 2014-07-17 14:26 -------- d-----w- c:\programdata\374311380
2014-07-17 14:18 . 2014-07-17 14:18 -------- d-----w- c:\users\Rico\AppData\Local\globalUpdate
2014-07-17 14:18 . 2014-07-17 14:18 -------- d-----w- c:\program files (x86)\globalUpdate
2014-07-17 14:17 . 2014-07-17 14:17 -------- d-----w- c:\program files (x86)\Browsersafeguard
2014-07-17 13:41 . 2014-07-17 13:41 -------- d-----w- c:\program files\CCleaner
2014-07-17 12:41 . 2014-07-17 12:41 687 ----a-w- C:\awh10A2.tmp
2014-07-17 10:49 . 2014-07-17 10:49 687 ----a-w- C:\awhECE.tmp
2014-07-16 10:52 . 2014-07-02 03:09 10924376 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{392F7DA7-7A3E-4DAB-862C-87E20E8B2610}\mpengine.dll
2014-07-16 10:45 . 2014-07-16 10:45 687 ----a-w- C:\awhC9D.tmp
2014-07-15 08:15 . 2014-07-15 08:15 687 ----a-w- C:\awh878.tmp
2014-07-14 11:54 . 2014-07-14 11:54 687 ----a-w- C:\awh8A7.tmp
2014-07-14 09:01 . 2014-06-05 01:54 10779000 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-07-11 14:49 . 2014-07-05 10:48 1031560 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2014-07-11 14:49 . 2014-07-05 10:48 1031560 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{80C1277B-A3AE-43AF-A3CF-AF1EB4741A24}\gapaengine.dll
2014-07-10 18:19 . 2014-07-10 18:19 687 ----a-w- C:\awh962.tmp
2014-07-10 12:52 . 2014-07-10 12:52 687 ----a-w- C:\awh1FA0.tmp
2014-07-09 09:20 . 2014-07-09 09:20 687 ----a-w- C:\awh9829.tmp
2014-07-09 07:36 . 2014-06-19 00:14 940032 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2014-07-09 07:36 . 2014-06-18 23:50 977408 ----a-w- c:\program files\Common Files\Microsoft Shared\VGX\VGX.dll
2014-07-09 07:36 . 2014-06-19 01:39 23464448 ----a-w- c:\windows\system32\mshtml.dll
2014-07-09 07:36 . 2014-06-05 14:45 1460736 ----a-w- c:\windows\system32\lsasrv.dll
2014-07-09 07:36 . 2014-06-05 14:26 22016 ----a-w- c:\windows\SysWow64\secur32.dll
2014-07-09 07:36 . 2014-06-05 14:25 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
2014-07-09 07:29 . 2014-07-09 07:29 687 ----a-w- C:\awh6F2.tmp
2014-07-07 17:39 . 2014-07-07 17:39 687 ----a-w- C:\awh34F4.tmp
2014-07-07 11:57 . 2014-07-07 11:57 687 ----a-w- C:\awh1D30.tmp
2014-07-07 08:02 . 2014-07-07 08:02 687 ----a-w- C:\awhFD03.tmp
2014-07-07 07:08 . 2014-07-07 07:08 687 ----a-w- C:\awh1C27.tmp
2014-07-06 18:58 . 2014-07-06 18:58 687 ----a-w- C:\awh5791.tmp
2014-07-06 16:33 . 2014-07-06 16:33 687 ----a-w- C:\awh981.tmp
2014-07-06 16:15 . 2014-07-06 16:15 -------- d-----w- c:\users\Default\AppData\Local\Microsoft Help
2014-07-06 09:59 . 2014-07-06 09:59 -------- d-----w- c:\program files\Adblock Plus for IE
2014-07-06 09:35 . 2014-07-06 09:35 687 ----a-w- C:\awh20D8.tmp
2014-07-05 10:43 . 2014-07-05 10:43 -------- d-----w- c:\program files (x86)\Microsoft Security Client
2014-07-05 10:43 . 2014-07-05 10:43 -------- d-----w- c:\program files\Microsoft Security Client
2014-07-05 10:38 . 2014-06-05 10:54 10779000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{DF2CCDC1-1A8D-4B99-8066-BE56A19E0136}\mpengine.dll
2014-07-02 12:21 . 2014-07-02 12:21 687 ----a-w- C:\awhEC9F.tmp
2014-07-01 11:38 . 2014-07-01 11:38 687 ----a-w- C:\awhE7EE.tmp
2014-06-30 16:01 . 2014-06-30 16:01 687 ----a-w- C:\awhEAAC.tmp
2014-06-30 06:43 . 2014-06-30 06:43 687 ----a-w- C:\awhEEA2.tmp
2014-06-30 04:48 . 2014-06-30 04:48 687 ----a-w- C:\awhE8E7.tmp
2014-06-29 18:06 . 2014-06-29 18:06 687 ----a-w- C:\awhEC60.tmp
2014-06-29 14:34 . 2014-06-29 14:34 687 ----a-w- C:\awhEC51.tmp
2014-06-29 06:17 . 2014-06-29 06:17 687 ----a-w- C:\awhE407.tmp
2014-06-27 10:05 . 2014-06-27 10:05 687 ----a-w- C:\awh28F.tmp
2014-06-26 07:02 . 2014-06-26 07:02 687 ----a-w- C:\awhE9C2.tmp
2014-06-25 07:48 . 2014-06-25 07:48 687 ----a-w- C:\awhF23A.tmp
2014-06-24 13:52 . 2014-06-24 13:52 687 ----a-w- C:\awhF0E3.tmp
2014-06-24 05:57 . 2014-06-24 05:57 687 ----a-w- C:\awhF1CD.tmp
2014-06-23 07:23 . 2014-06-23 07:23 687 ----a-w- C:\awh2D46.tmp
2014-06-22 06:54 . 2014-06-22 06:54 687 ----a-w- C:\awhEACB.tmp
2014-06-22 00:09 . 2014-06-22 00:09 687 ----a-w- C:\awhF0B4.tmp
2014-06-21 13:29 . 2014-06-21 13:29 687 ----a-w- C:\awh1756.tmp
2014-06-20 20:35 . 2014-06-20 20:35 687 ----a-w- C:\awh7FB.tmp
2014-06-20 09:49 . 2014-06-20 09:49 687 ----a-w- C:\awh20F7.tmp
2014-06-20 06:43 . 2014-06-20 06:43 687 ----a-w- C:\awhAAA.tmp
2014-06-19 12:10 . 2014-06-19 12:10 687 ----a-w- C:\awhFC48.tmp
2014-06-19 07:43 . 2014-06-19 07:43 687 ----a-w- C:\awh1286.tmp
2014-06-19 07:41 . 2014-06-19 07:41 -------- d-----w- c:\program files (x86)\JoWood
2014-06-19 07:14 . 2014-06-19 07:20 -------- d-----w- c:\program files (x86)\System
2014-06-19 07:12 . 2014-06-19 07:12 687 ----a-w- C:\awh14E6.tmp
2014-06-19 06:49 . 2014-06-19 06:49 687 ----a-w- C:\awh1045.tmp
2014-06-18 18:32 . 2014-06-18 18:32 -------- d-----w- c:\program files (x86)\predm
2014-06-18 18:28 . 2014-06-18 18:28 -------- d-----w- c:\windows\system32\appmgmt
2014-06-18 18:19 . 2014-06-18 18:19 687 ----a-w- C:\awhF2D6.tmp
2014-06-18 18:09 . 2014-06-18 18:09 687 ----a-w- C:\awhE42.tmp
2014-06-18 08:55 . 2014-06-18 08:55 687 ----a-w- C:\awhEE18.tmp
2014-06-18 08:54 . 2014-06-18 18:26 -------- d-----w- c:\program files\RrFilter
2014-06-18 08:54 . 2014-06-18 08:54 -------- d-----w- c:\users\Rico\AppData\Local\freeSOFTtoday
2014-06-18 08:53 . 2014-06-18 08:53 -------- d-----w- c:\programdata\Registry Helper
2014-06-18 08:53 . 2014-06-18 08:55 -------- d-----w- C:\temp
2014-06-18 08:52 . 2014-06-30 06:42 -------- d-----w- c:\program files\002
2014-06-18 08:52 . 2014-06-18 08:52 -------- d-----w- c:\users\Rico\AppData\Roaming\InetStat
2014-06-18 08:51 . 2014-07-01 20:28 -------- d-----w- c:\users\Rico\AppData\Local\Genesis_06180851
2014-06-18 08:51 . 2014-06-18 08:51 -------- d-----w- c:\users\Rico\AppData\Roaming\SupTab
2014-06-18 08:51 . 2014-07-06 16:29 -------- d-----w- c:\programdata\IePluginServices
2014-06-18 08:51 . 2014-06-18 08:51 -------- d-----w- c:\program files (x86)\SupTab
2014-06-18 08:51 . 2014-06-18 08:51 -------- d-----w- c:\programdata\WindowsProtectManger
2014-06-18 08:50 . 2014-07-02 15:26 -------- d-----w- c:\users\Rico\AppData\Roaming\webssearches
2014-06-18 08:50 . 2014-06-18 08:50 -------- d-----w- c:\program files (x86)\Common Files\Config
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-07-10 13:08 . 2014-03-22 13:35 71344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-07-10 13:08 . 2014-03-22 13:35 699056 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-07-09 07:42 . 2014-03-18 08:18 96441528 ----a-w- c:\windows\system32\MRT.exe
2014-06-15 06:46 . 2014-06-15 06:46 46160 ----a-w- c:\windows\system32\drivers\nethfdrv.sys
2014-06-15 06:46 . 2014-06-15 06:46 159744 ----a-w- c:\windows\SysWow64\netupdsrv.exe
2014-06-15 06:46 . 2014-06-15 06:46 108544 ----a-w- c:\windows\SysWow64\installd.exe
2014-06-15 06:45 . 2014-06-15 06:45 180224 ----a-w- c:\windows\SysWow64\nethtsrv.exe
2014-06-15 06:45 . 2014-06-15 06:45 108544 ----a-w- c:\windows\SysWow64\hfnapi.dll
2014-06-15 06:45 . 2014-06-15 06:45 246784 ----a-w- c:\windows\SysWow64\hfpapi.dll
2014-06-07 19:57 . 2014-06-07 19:57 1409 ----a-w- c:\windows\QTFont.for
2014-04-25 02:34 . 2014-06-13 19:56 801280 ----a-w- c:\windows\system32\usp10.dll
2014-04-25 02:06 . 2014-06-13 19:56 626688 ----a-w- c:\windows\SysWow64\usp10.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}]
2014-05-08 10:52 513648 ----a-w- c:\program files (x86)\SupTab\SupTab.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 131248 ----a-w- c:\users\Rico\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 131248 ----a-w- c:\users\Rico\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 131248 ----a-w- c:\users\Rico\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2014-03-04 3696912]
"OfficeSyncProcess"="c:\program files (x86)\Microsoft Office\Office14\MSOSYNC.EXE" [2013-04-22 720064]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-11-16 641704]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2012-11-05 89184]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe" [2014-05-08 3499896]
"ASUS Ai Charger"="c:\program files (x86)\ASUS\ASUS Ai Charger\AiChargerAP.exe" [2012-08-13 547984]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2014-03-04 224128]
"QuickTime Task"="c:\program files (x86)\QuickTime\qttask.exe" [2014-06-07 77824]
"BrowserSafeguard Update Task"="c:\program files (x86)\Browsersafeguard\uninstall.BrowserSafeguard.exe" [2014-07-17 3692544]
.
c:\users\Rico\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Rico\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2014-5-20 33322312]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\3.8.150\SSScheduler.exe [2014-4-9 332016]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:\progra~2\SupTab\SearchProtect32.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 globalUpdatem;globalUpdate Update Service (globalUpdatem);c:\program files (x86)\globalUpdate\Update\GoogleUpdate.exe;c:\program files (x86)\globalUpdate\Update\GoogleUpdate.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\3.8.150\McCHSvc.exe;c:\program files\McAfee Security Scan\3.8.150\McCHSvc.exe [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft-Netzwerkinspektion;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 IePluginServices;IePlugin Services;c:\programdata\IePluginServices\PluginService.exe;c:\programdata\IePluginServices\PluginService.exe [x]
S2 WindowsProtectManger;WindowsProtectManger Service;c:\programdata\WindowsProtectManger\wprotectmanager.exe;c:\programdata\WindowsProtectManger\wprotectmanager.exe [x]
S3 AiCharger;AiCharger;SysWow64\drivers\AiCharger.sys;SysWow64\drivers\AiCharger.sys [x]
S3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series - Adaptertreiber für Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys;c:\windows\SYSNATIVE\DRIVERS\netw5v64.sys [x]
S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\DRIVERS\SFEP.sys;c:\windows\SYSNATIVE\DRIVERS\SFEP.sys [x]
S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTAZL6.SYS [x]
S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTDPV6.SYS [x]
S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTCNXT6.SYS [x]
S3 yukonw7;NDIS6.2-Miniporttreiber für Marvell Yukon-Ethernet-Controller;c:\windows\system32\DRIVERS\yk62x64.sys;c:\windows\SYSNATIVE\DRIVERS\yk62x64.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-06-14 09:18 1091912 ----a-w- c:\program files (x86)\Google\Chrome\Application\35.0.1916.153\Installer\chrmstp.exe
.
Inhalt des "geplante Tasks" Ordners
.
2014-07-17 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-03-22 13:08]
.
2014-07-17 c:\windows\Tasks\globalUpdateUpdateTaskMachineCore.job
- c:\program files (x86)\globalUpdate\Update\GoogleUpdate.exe [2014-07-17 14:18]
.
2014-07-17 c:\windows\Tasks\globalUpdateUpdateTaskMachineUA.job
- c:\program files (x86)\globalUpdate\Update\GoogleUpdate.exe [2014-07-17 14:18]
.
2014-07-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-03-22 13:35]
.
2014-07-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-03-22 13:35]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 164016 ----a-w- c:\users\Rico\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 164016 ----a-w- c:\users\Rico\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 164016 ----a-w- c:\users\Rico\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 164016 ----a-w- c:\users\Rico\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2014-02-27 558496]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2014-03-11 1271072]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\progra~2\SupTab\SearchProtect64.dll
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.trovi.com/?gd=&ctid=CT3323829&octid=EB_ORIGINAL_CTID&ISID=M9FD30DC1-0F75-48F8-B665-1DE3C683EBE0&SearchSource=55&CUI=&UM=6&UP=SPAD8AFDB2-2C9B-48A0-86C2-DE4DD2757C4C&SSPV=
mDefault_Search_URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1403081456&from=amt&uid=WDCXWD3200BEVS-26VAT0_WD-WXK0E59ARH57ARH57&q={searchTerms}
mDefault_Page_URL = hxxp://istart.webssearches.com/?type=hp&ts=1403081456&from=amt&uid=WDCXWD3200BEVS-26VAT0_WD-WXK0E59ARH57ARH57
mStart Page = hxxp://istart.webssearches.com/?type=hp&ts=1403081456&from=amt&uid=WDCXWD3200BEVS-26VAT0_WD-WXK0E59ARH57ARH57
mLocal Page = c:\windows\SysWOW64\blank.htm
mSearch Page = hxxp://istart.webssearches.com/web/?type=ds&ts=1403081456&from=amt&uid=WDCXWD3200BEVS-26VAT0_WD-WXK0E59ARH57ARH57&q={searchTerms}
uInternet Settings,ProxyOverride = <-loopback>
uInternet Settings,ProxyServer = http=127.0.0.1:49156;https=127.0.0.1:49156
IE: An OneNote s&enden - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: Nach Microsoft E&xcel exportieren - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.2.1
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Wow6432Node-HKCU-Run-uucbbppw - c:\users\rico\appdata\local\uucbbppw.exe
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
Wow6432Node-HKLM-Run-fst_de_43 - (no file)
Wow6432Node-HKLM-Run-Registry Helper - c:\program files (x86)\Registry Helper\RegistryHelper.Exe
c:\users\Rico\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\uucbbppw.lnk - c:\users\Rico\AppData\Local\uucbbppw.exe /r
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-uucbbppw - c:\users\rico\appdata\local\uucbbppw.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Browsersafeguard\BrowserSafeguard.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2014-07-17 16:48:47 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2014-07-17 14:48
.
Vor Suchlauf: 8 Verzeichnis(se), 259.023.011.840 Bytes frei
Nach Suchlauf: 13 Verzeichnis(se), 258.739.404.800 Bytes frei
.
- - End Of File - - CCA27E93F9D4998D7D25E0BC533971F4
A36C5E4F47E84449FF07ED3517B43A31
Einen Virenscan kann ich leider nicht schicken, da "Microsoft Security Essentials" nichts gefunden hat. Da sollte ich wohl über einen anderen Scanner nachdenken.

Habt vielen Dank für eure Hilfe.

Gruß

Alt 17.07.2014, 17:10   #2
schrauber
/// the machine
/// TB-Ausbilder
 
Windows 7: Internet Explorer startet automatisch Werbung/ Webseiten werden auf Werbung umgeleitet - Standard

Windows 7: Internet Explorer startet automatisch Werbung/ Webseiten werden auf Werbung umgeleitet


hi,

So funktioniert es:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert mir massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu gross für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
  • Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
  • Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
  • Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
  • Klicke auf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.





Adware & Co. deinstallieren
  • Lade Dir bitte von hier Revo Uninstaller herunter.
  • Installiere und starte das Programm.
  • Suche im Uninstallerfeld nach den Programmen, die unter:

    diesen Zusatz haben:
  • Wähle die Programme nacheinander aus und klicke jedesmal auf Uninstall.
  • Wähle anschließend den Modus "Moderat" aus.
  • Reste löschen:
    Klicke auf dann auf und dann auf .

Solltest Du ein Programm nicht finden oder nicht deinstallieren können, mache bitte mit dem nächsten Schritt weiter:




Scan mit Combofix
WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link
  • WICHTIG: Speichere Combofix auf deinem Desktop.
  • Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.
  • Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.
  • Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!
  • Wenn Combofix fertig ist, wird es ein Logfile erstellen.
  • Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).
Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

__________________

__________________
Alt 20.07.2014, 15:44   #3
ihansklaus
 
Windows 7: Internet Explorer startet automatisch Werbung/ Webseiten werden auf Werbung umgeleitet - Standard

Windows 7: Internet Explorer startet automatisch Werbung/ Webseiten werden auf Werbung umgeleitet


Danke für die Antwort! Der Logfile von Combifix ist folgender:

Bei der Ausführung von Combifix kam öfter sie Meldung: " PEV.exe funktioniert nicht mehr"

Code:
ATTFilter
ComboFix 14-07-19.01 - Rico 20.07.2014  16:32:38.2.2 - x64
Microsoft Windows 7 Professional   6.1.7601.1.1252.49.1031.18.4063.2439 [GMT 2:00]
ausgeführt von:: c:\users\Rico\Downloads\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
(((((((((((((((((((((((   Dateien erstellt von 2014-06-20 bis 2014-07-20  ))))))))))))))))))))))))))))))
.
.
2014-07-20 14:37 . 2014-07-20 14:37	--------	d-----w-	c:\users\Default\AppData\Local\temp
2014-07-20 14:26 . 2014-07-20 14:26	--------	d-----w-	c:\program files (x86)\VS Revo Group
2014-07-20 14:20 . 2014-07-20 14:20	75888	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{97697135-EFC9-45A4-B1D0-E1101DE60153}\offreg.dll
2014-07-19 18:51 . 2014-07-02 03:09	10924376	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{97697135-EFC9-45A4-B1D0-E1101DE60153}\mpengine.dll
2014-07-19 18:42 . 2014-07-19 18:42	--------	d-----w-	c:\users\Rico\AppData\Local\BrowserSafeguard
2014-07-18 08:13 . 2014-07-18 08:13	--------	d-----w-	c:\programdata\Swiss Academic Software
2014-07-18 08:13 . 2014-07-18 08:13	--------	d-----w-	c:\users\Rico\AppData\Roaming\Swiss Academic Software
2014-07-18 07:58 . 2014-07-02 03:09	10924376	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-07-18 07:51 . 2014-02-07 10:58	708992	----a-w-	c:\program files (x86)\Internet Explorer\Citavi Picker\x64\SwissAcademic.Citavi.IEPicker.dll
2014-07-18 07:51 . 2014-02-07 10:58	103752	----a-w-	c:\program files (x86)\Internet Explorer\Citavi Picker\x64\IEPickerBroker.exe
2014-07-18 07:51 . 2014-01-28 05:47	126976	----a-w-	c:\program files (x86)\Internet Explorer\Citavi Picker\x64\Interop.SHDocVw.dll
2014-07-18 07:51 . 2013-05-23 04:17	95232	----a-w-	c:\program files (x86)\Internet Explorer\Citavi Picker\x64\CitaviInternetExplorerPickerHelper.exe
2014-07-18 07:51 . 2012-07-26 17:08	8022976	----a-w-	c:\program files (x86)\Internet Explorer\Citavi Picker\x64\Microsoft.mshtml.dll
2014-07-18 07:51 . 2014-02-07 10:58	708992	----a-w-	c:\program files (x86)\Internet Explorer\Citavi Picker\SwissAcademic.Citavi.IEPicker.dll
2014-07-18 07:51 . 2014-02-07 10:58	103752	----a-w-	c:\program files (x86)\Internet Explorer\Citavi Picker\IEPickerBroker.exe
2014-07-18 07:51 . 2014-01-28 05:47	126976	----a-w-	c:\program files (x86)\Internet Explorer\Citavi Picker\Interop.SHDocVw.dll
2014-07-18 07:51 . 2013-05-23 04:17	95232	----a-w-	c:\program files (x86)\Internet Explorer\Citavi Picker\CitaviInternetExplorerPickerHelper.exe
2014-07-18 07:51 . 2012-07-26 17:08	8022976	----a-w-	c:\program files (x86)\Internet Explorer\Citavi Picker\Microsoft.mshtml.dll
2014-07-18 07:48 . 2014-07-18 07:50	--------	d-----w-	c:\program files (x86)\Citavi 4
2014-07-18 07:46 . 2014-07-18 07:46	--------	d-----w-	c:\users\Rico\AppData\Local\Downloaded Installations
2014-07-17 15:00 . 2014-07-17 15:01	--------	d-----w-	C:\FRST
2014-07-17 14:26 . 2014-07-17 14:26	--------	d-----w-	c:\programdata\374311380
2014-07-17 14:18 . 2014-07-17 21:01	--------	d-----w-	c:\program files (x86)\globalUpdate
2014-07-17 14:18 . 2014-07-17 14:18	--------	d-----w-	c:\users\Rico\AppData\Local\globalUpdate
2014-07-17 14:17 . 2014-07-17 14:17	--------	d-----w-	c:\program files (x86)\Browsersafeguard
2014-07-17 13:41 . 2014-07-17 13:41	--------	d-----w-	c:\program files\CCleaner
2014-07-17 12:41 . 2014-07-17 12:41	687	----a-w-	C:\awh10A2.tmp
2014-07-17 10:49 . 2014-07-17 10:49	687	----a-w-	C:\awhECE.tmp
2014-07-16 10:45 . 2014-07-16 10:45	687	----a-w-	C:\awhC9D.tmp
2014-07-15 08:15 . 2014-07-15 08:15	687	----a-w-	C:\awh878.tmp
2014-07-14 11:54 . 2014-07-14 11:54	687	----a-w-	C:\awh8A7.tmp
2014-07-11 14:49 . 2014-07-05 10:48	1031560	------w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2014-07-11 14:49 . 2014-07-05 10:48	1031560	------w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{80C1277B-A3AE-43AF-A3CF-AF1EB4741A24}\gapaengine.dll
2014-07-10 18:19 . 2014-07-10 18:19	687	----a-w-	C:\awh962.tmp
2014-07-10 12:52 . 2014-07-10 12:52	687	----a-w-	C:\awh1FA0.tmp
2014-07-09 09:20 . 2014-07-09 09:20	687	----a-w-	C:\awh9829.tmp
2014-07-09 07:36 . 2014-06-19 00:14	940032	----a-w-	c:\windows\system32\MsSpellCheckingFacility.exe
2014-07-09 07:36 . 2014-06-18 23:50	977408	----a-w-	c:\program files\Common Files\Microsoft Shared\VGX\VGX.dll
2014-07-09 07:36 . 2014-06-19 01:39	23464448	----a-w-	c:\windows\system32\mshtml.dll
2014-07-09 07:36 . 2014-06-05 14:45	1460736	----a-w-	c:\windows\system32\lsasrv.dll
2014-07-09 07:36 . 2014-06-05 14:26	22016	----a-w-	c:\windows\SysWow64\secur32.dll
2014-07-09 07:36 . 2014-06-05 14:25	96768	----a-w-	c:\windows\SysWow64\sspicli.dll
2014-07-09 07:29 . 2014-07-09 07:29	687	----a-w-	C:\awh6F2.tmp
2014-07-07 17:39 . 2014-07-07 17:39	687	----a-w-	C:\awh34F4.tmp
2014-07-07 11:57 . 2014-07-07 11:57	687	----a-w-	C:\awh1D30.tmp
2014-07-07 08:02 . 2014-07-07 08:02	687	----a-w-	C:\awhFD03.tmp
2014-07-07 07:08 . 2014-07-07 07:08	687	----a-w-	C:\awh1C27.tmp
2014-07-06 18:58 . 2014-07-06 18:58	687	----a-w-	C:\awh5791.tmp
2014-07-06 16:33 . 2014-07-06 16:33	687	----a-w-	C:\awh981.tmp
2014-07-06 16:15 . 2014-07-06 16:15	--------	d-----w-	c:\users\Default\AppData\Local\Microsoft Help
2014-07-06 09:59 . 2014-07-06 09:59	--------	d-----w-	c:\program files\Adblock Plus for IE
2014-07-06 09:35 . 2014-07-06 09:35	687	----a-w-	C:\awh20D8.tmp
2014-07-05 10:43 . 2014-07-05 10:43	--------	d-----w-	c:\program files (x86)\Microsoft Security Client
2014-07-05 10:43 . 2014-07-05 10:43	--------	d-----w-	c:\program files\Microsoft Security Client
2014-07-05 10:38 . 2014-06-05 10:54	10779000	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{DF2CCDC1-1A8D-4B99-8066-BE56A19E0136}\mpengine.dll
2014-07-02 12:21 . 2014-07-02 12:21	687	----a-w-	C:\awhEC9F.tmp
2014-07-01 11:38 . 2014-07-01 11:38	687	----a-w-	C:\awhE7EE.tmp
2014-06-30 16:01 . 2014-06-30 16:01	687	----a-w-	C:\awhEAAC.tmp
2014-06-30 06:43 . 2014-06-30 06:43	687	----a-w-	C:\awhEEA2.tmp
2014-06-30 04:48 . 2014-06-30 04:48	687	----a-w-	C:\awhE8E7.tmp
2014-06-29 18:06 . 2014-06-29 18:06	687	----a-w-	C:\awhEC60.tmp
2014-06-29 14:34 . 2014-06-29 14:34	687	----a-w-	C:\awhEC51.tmp
2014-06-29 06:17 . 2014-06-29 06:17	687	----a-w-	C:\awhE407.tmp
2014-06-27 10:05 . 2014-06-27 10:05	687	----a-w-	C:\awh28F.tmp
2014-06-26 07:02 . 2014-06-26 07:02	687	----a-w-	C:\awhE9C2.tmp
2014-06-25 07:48 . 2014-06-25 07:48	687	----a-w-	C:\awhF23A.tmp
2014-06-24 13:52 . 2014-06-24 13:52	687	----a-w-	C:\awhF0E3.tmp
2014-06-24 05:57 . 2014-06-24 05:57	687	----a-w-	C:\awhF1CD.tmp
2014-06-23 07:23 . 2014-06-23 07:23	687	----a-w-	C:\awh2D46.tmp
2014-06-22 06:54 . 2014-06-22 06:54	687	----a-w-	C:\awhEACB.tmp
2014-06-22 00:09 . 2014-06-22 00:09	687	----a-w-	C:\awhF0B4.tmp
2014-06-21 13:29 . 2014-06-21 13:29	687	----a-w-	C:\awh1756.tmp
2014-06-20 20:35 . 2014-06-20 20:35	687	----a-w-	C:\awh7FB.tmp
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-07-10 13:08 . 2014-03-22 13:35	71344	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-07-10 13:08 . 2014-03-22 13:35	699056	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2014-07-09 07:42 . 2014-03-18 08:18	96441528	----a-w-	c:\windows\system32\MRT.exe
2014-06-20 09:49 . 2014-06-20 09:49	687	----a-w-	C:\awh20F7.tmp
2014-06-20 06:43 . 2014-06-20 06:43	687	----a-w-	C:\awhAAA.tmp
2014-06-19 12:10 . 2014-06-19 12:10	687	----a-w-	C:\awhFC48.tmp
2014-06-19 07:43 . 2014-06-19 07:43	687	----a-w-	C:\awh1286.tmp
2014-06-19 07:12 . 2014-06-19 07:12	687	----a-w-	C:\awh14E6.tmp
2014-06-19 06:49 . 2014-06-19 06:49	687	----a-w-	C:\awh1045.tmp
2014-06-18 18:19 . 2014-06-18 18:19	687	----a-w-	C:\awhF2D6.tmp
2014-06-18 18:09 . 2014-06-18 18:09	687	----a-w-	C:\awhE42.tmp
2014-06-18 08:55 . 2014-06-18 08:55	687	----a-w-	C:\awhEE18.tmp
2014-06-15 06:46 . 2014-06-15 06:46	46160	----a-w-	c:\windows\system32\drivers\nethfdrv.sys
2014-06-15 06:46 . 2014-06-15 06:46	159744	----a-w-	c:\windows\SysWow64\netupdsrv.exe
2014-06-15 06:46 . 2014-06-15 06:46	108544	----a-w-	c:\windows\SysWow64\installd.exe
2014-06-15 06:45 . 2014-06-15 06:45	180224	----a-w-	c:\windows\SysWow64\nethtsrv.exe
2014-06-15 06:45 . 2014-06-15 06:45	108544	----a-w-	c:\windows\SysWow64\hfnapi.dll
2014-06-15 06:45 . 2014-06-15 06:45	246784	----a-w-	c:\windows\SysWow64\hfpapi.dll
2014-06-07 19:57 . 2014-06-07 19:57	1409	----a-w-	c:\windows\QTFont.for
2014-04-25 02:34 . 2014-06-13 19:56	801280	----a-w-	c:\windows\system32\usp10.dll
2014-04-25 02:06 . 2014-06-13 19:56	626688	----a-w-	c:\windows\SysWow64\usp10.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}]
2014-05-08 10:52	513648	----a-w-	c:\program files (x86)\SupTab\SupTab.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09	131248	----a-w-	c:\users\Rico\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09	131248	----a-w-	c:\users\Rico\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09	131248	----a-w-	c:\users\Rico\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OfficeSyncProcess"="c:\program files (x86)\Microsoft Office\Office14\MSOSYNC.EXE" [2013-04-22 720064]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-11-16 641704]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2012-11-05 89184]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe" [2014-05-08 3499896]
"ASUS Ai Charger"="c:\program files (x86)\ASUS\ASUS Ai Charger\AiChargerAP.exe" [2012-08-13 547984]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2014-03-04 224128]
"QuickTime Task"="c:\program files (x86)\QuickTime\qttask.exe" [2014-06-07 77824]
"BrowserSafeguard Update Task"="c:\program files (x86)\Browsersafeguard\uninstall.BrowserSafeguard.exe" [2014-07-17 3692544]
.
c:\users\Rico\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Rico\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2014-5-20 33322312]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\3.8.150\SSScheduler.exe [2014-4-9 332016]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:\progra~2\SupTab\SearchProtect32.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 IePluginServices;IePlugin Services;c:\programdata\IePluginServices\PluginService.exe;c:\programdata\IePluginServices\PluginService.exe [x]
R2 WindowsProtectManger;WindowsProtectManger Service;c:\programdata\WindowsProtectManger\wprotectmanager.exe;c:\programdata\WindowsProtectManger\wprotectmanager.exe [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 globalUpdatem;globalUpdate Update Service (globalUpdatem);c:\program files (x86)\globalUpdate\Update\GoogleUpdate.exe;c:\program files (x86)\globalUpdate\Update\GoogleUpdate.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\3.8.150\McCHSvc.exe;c:\program files\McAfee Security Scan\3.8.150\McCHSvc.exe [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft-Netzwerkinspektion;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
S3 AiCharger;AiCharger;SysWow64\drivers\AiCharger.sys;SysWow64\drivers\AiCharger.sys [x]
S3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series - Adaptertreiber für Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys;c:\windows\SYSNATIVE\DRIVERS\netw5v64.sys [x]
S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\DRIVERS\SFEP.sys;c:\windows\SYSNATIVE\DRIVERS\SFEP.sys [x]
S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTAZL6.SYS [x]
S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTDPV6.SYS [x]
S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTCNXT6.SYS [x]
S3 yukonw7;NDIS6.2-Miniporttreiber für Marvell Yukon-Ethernet-Controller;c:\windows\system32\DRIVERS\yk62x64.sys;c:\windows\SYSNATIVE\DRIVERS\yk62x64.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-07-19 19:07	1104200	----a-w-	c:\program files (x86)\Google\Chrome\Application\36.0.1985.125\Installer\chrmstp.exe
.
Inhalt des "geplante Tasks" Ordners
.
2014-07-20 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-03-22 13:08]
.
2014-07-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-03-22 13:35]
.
2014-07-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-03-22 13:35]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09	164016	----a-w-	c:\users\Rico\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09	164016	----a-w-	c:\users\Rico\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09	164016	----a-w-	c:\users\Rico\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09	164016	----a-w-	c:\users\Rico\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2014-02-27 558496]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2014-03-11 1271072]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\progra~2\SupTab\SearchProtect64.dll
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.trovi.com/?gd=&ctid=CT3323829&octid=EB_ORIGINAL_CTID&ISID=M9FD30DC1-0F75-48F8-B665-1DE3C683EBE0&SearchSource=55&CUI=&UM=6&UP=SPAD8AFDB2-2C9B-48A0-86C2-DE4DD2757C4C&SSPV=
mDefault_Search_URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1403081456&from=amt&uid=WDCXWD3200BEVS-26VAT0_WD-WXK0E59ARH57ARH57&q={searchTerms}
mDefault_Page_URL = hxxp://istart.webssearches.com/?type=hp&ts=1403081456&from=amt&uid=WDCXWD3200BEVS-26VAT0_WD-WXK0E59ARH57ARH57
mStart Page = hxxp://istart.webssearches.com/?type=hp&ts=1403081456&from=amt&uid=WDCXWD3200BEVS-26VAT0_WD-WXK0E59ARH57ARH57
mLocal Page = c:\windows\SysWOW64\blank.htm
mSearch Page = hxxp://istart.webssearches.com/web/?type=ds&ts=1403081456&from=amt&uid=WDCXWD3200BEVS-26VAT0_WD-WXK0E59ARH57ARH57&q={searchTerms}
uInternet Settings,ProxyOverride = <-loopback>
uInternet Settings,ProxyServer = http=127.0.0.1:49157;https=127.0.0.1:49157
IE: &Citavi Picker... - file://c:\program files (x86)\Internet Explorer\Citavi Picker\ShowContextMenu.html
IE: An OneNote s&enden - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: Nach Microsoft E&xcel exportieren - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.2.1
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2014-07-20  16:39:47
ComboFix-quarantined-files.txt  2014-07-20 14:39
ComboFix2.txt  2014-07-17 14:48
.
Vor Suchlauf: 13 Verzeichnis(se), 256.188.518.400 Bytes frei
Nach Suchlauf: 14 Verzeichnis(se), 256.204.767.232 Bytes frei
.
- - End Of File - - 7B7751827EFC6EFA3990157C66C46B6D
A36C5E4F47E84449FF07ED3517B43A31
__________________
Alt 20.07.2014, 18:04   #4
schrauber
/// the machine
/// TB-Ausbilder
 
Windows 7: Internet Explorer startet automatisch Werbung/ Webseiten werden auf Werbung umgeleitet - Standard

Windows 7: Internet Explorer startet automatisch Werbung/ Webseiten werden auf Werbung umgeleitet


Downloade Dir bitte Malwarebytes Anti-Malware
  • Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
  • Starte Malwarebytes' Anti-Malware (MBAM).
  • Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
  • Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
  • Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
  • Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
  • Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
  • Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.


Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.


und ein frisches FRST log bitte.
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 20.07.2014, 20:04   #5
ihansklaus
 
Windows 7: Internet Explorer startet automatisch Werbung/ Webseiten werden auf Werbung umgeleitet - Standard

Windows 7: Internet Explorer startet automatisch Werbung/ Webseiten werden auf Werbung umgeleitet


Code:
ATTFilter
 Malwarebytes Anti-Malware 
www.malwarebytes.org

Suchlauf Datum: 20.07.2014
Suchlauf-Zeit: 19:19:23
Logdatei: mbam.txt
Administrator: Ja

Version: 2.00.2.1012
Malware Datenbank: v2014.07.20.04
Rootkit Datenbank: v2014.07.17.01
Lizenz: Testversion
Malware Schutz: Aktiviert
Bösartiger Webseiten Schutz: Aktiviert
Self-protection: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: Rico

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 286687
Verstrichene Zeit: 12 Min, 36 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristics: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 2
PUP.Optional.IePluginService.A, C:\ProgramData\IePluginServices\PluginService.exe, 1296, Löschen bei Neustart, [5173ecb5205bc175e0853d21b44d5fa1]
PUP.Optional.WPM.A, C:\ProgramData\WindowsProtectManger\wprotectmanager.exe, 1480, Löschen bei Neustart, [bf05079a3447251180df4c45df2232ce]

Module: 1
PUP.Optional.Skytech.A, C:\Program Files (x86)\SupTab\DpInterface32.dll, Löschen bei Neustart, [b212029f2f4cd4624271414c25dc8977], 

Registrierungsschlüssel: 17
PUP.Optional.IePluginService.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\IePluginServices, In Quarantäne, [5173ecb5205bc175e0853d21b44d5fa1], 
PUP.Optional.WPM.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\WindowsProtectManger, In Quarantäne, [bf05079a3447251180df4c45df2232ce], 
PUP.Optional.WPM.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\WindowsProtectManger, In Quarantäne, [bf05079a3447251180df4c45df2232ce], 
PUP.Optional.SupTab.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}, In Quarantäne, [f9cb8d146f0cbc7a0b789fbcae548e72], 
PUP.Optional.SupTab.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}, In Quarantäne, [f9cb8d146f0cbc7a0b789fbcae548e72], 
PUP.Optional.SearchProtect.A, HKU\S-1-5-21-1296850485-3907825808-2435419184-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}, In Quarantäne, [b80cd7cac8b367cf0129b89f4eb413ed], 
PUP.Optional.OffersWizard.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\inethnfd, In Quarantäne, [9c28742d2655b1854a4de9da33cf9769], 
PUP.Optional.AdPeak.A, HKLM\SOFTWARE\LevelQualityWatcher, In Quarantäne, [7b49adf4d2a9201663c6d1f637cbc13f], 
PUP.Optional.RRSavings.A, HKLM\SOFTWARE\rrsavings, In Quarantäne, [9d27425f0e6d9f9740d307d106fc08f8], 
PUP.Optional.Qone8, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}, In Quarantäne, [24a05051bfbcae8835710606ef15c23e], 
PUP.Optional.WindowsProtectManger.A, HKLM\SOFTWARE\WOW6432NODE\supWindowsProtectManger, In Quarantäne, [f8cc9f020b70cd69f85c2e9800020ef2], 
PUP.Optional.WebsSearches.A, HKLM\SOFTWARE\WOW6432NODE\webssearchesSoftware, In Quarantäne, [853f31707cff5bdb0c57508e6e94b34d], 
PUP.Optional.Qone8, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}, In Quarantäne, [7450b4ed9ae1bd7990166aa2a75da45c], 
PUP.Optional.WeatherItUp.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\Weather It Up, In Quarantäne, [754f465bd4a7c472228a578c788adc24], 
PUP.Optional.RRSavings.A, HKU\S-1-5-21-1296850485-3907825808-2435419184-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\Rr Savings, In Quarantäne, [b113d3ce2a51cf67b0678058d42e11ef], 
PUP.Optional.SuperFish.A, HKU\S-1-5-21-1296850485-3907825808-2435419184-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\DOMSTORAGE\superfish.com, In Quarantäne, [5272efb2fc7f68cec84953740cf61ee2], 
PUP.Optional.Qone8, HKU\S-1-5-21-1296850485-3907825808-2435419184-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}, In Quarantäne, [1fa5673a28537cbae0c521ebf70d55ab], 

Registrierungswerte: 1
PUP.Optional.WPM.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\WINDOWSPROTECTMANGER|ImagePath, C:\ProgramData\WindowsProtectManger\wprotectmanager.exe -service, In Quarantäne, [c9fb544da8d3ca6c40677f4ac43e619f]

Registrierungsdaten: 8
PUP.Optional.Skytech.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINDOWS|AppInit_DLLs, C:\PROGRA~2\SupTab\SEARCH~2.DLL, Gut: (), Schlecht: (C:\PROGRA~2\SupTab\SEARCH~2.DLL),Ersetzt,[9133e0c1bac1e25422917b12a75aac54]
PUP.Optional.WebsSearches.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, hxxp://istart.webssearches.com/?type=hp&ts=1403081456&from=amt&uid=WDCXWD3200BEVS-26VAT0_WD-WXK0E59ARH57ARH57, Gut: (www.google.com), Schlecht: (hxxp://istart.webssearches.com/?type=hp&ts=1403081456&from=amt&uid=WDCXWD3200BEVS-26VAT0_WD-WXK0E59ARH57ARH57),Ersetzt,[13b1f5acea91a88e51aa3f607292b24e]
PUP.Optional.Qone8, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES|DefaultScope, {33BB0A4E-99AF-4226-BDF6-49120163DE86}, Gut: ({0633EE93-D776-472f-A0FF-E1416B8B2E3A}), Schlecht: ({33BB0A4E-99AF-4226-BDF6-49120163DE86}),Ersetzt,[477de0c1403b7cba32f8713935cf8977]
PUP.Optional.WebsSearches.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Search_URL, hxxp://istart.webssearches.com/web/?type=ds&ts=1403081456&from=amt&uid=WDCXWD3200BEVS-26VAT0_WD-WXK0E59ARH57ARH57&q={searchTerms}, Gut: (www.google.com), Schlecht: (hxxp://istart.webssearches.com/web/?type=ds&ts=1403081456&from=amt&uid=WDCXWD3200BEVS-26VAT0_WD-WXK0E59ARH57ARH57&q={searchTerms}),Ersetzt,[3391930e5c1f191d59a08d128b7935cb]
PUP.Optional.WebsSearches.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Page_URL, hxxp://istart.webssearches.com/?type=hp&ts=1403081456&from=amt&uid=WDCXWD3200BEVS-26VAT0_WD-WXK0E59ARH57ARH57, Gut: (www.google.com), Schlecht: (hxxp://istart.webssearches.com/?type=hp&ts=1403081456&from=amt&uid=WDCXWD3200BEVS-26VAT0_WD-WXK0E59ARH57ARH57),Ersetzt,[daea247dc4b7033356a1950a11f3827e]
PUP.Optional.WebsSearches.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, hxxp://istart.webssearches.com/?type=hp&ts=1403081456&from=amt&uid=WDCXWD3200BEVS-26VAT0_WD-WXK0E59ARH57ARH57, Gut: (www.google.com), Schlecht: (hxxp://istart.webssearches.com/?type=hp&ts=1403081456&from=amt&uid=WDCXWD3200BEVS-26VAT0_WD-WXK0E59ARH57ARH57),Ersetzt,[d5efb0f16c0fb284d328039c12f227d9]
PUP.Optional.Qone8, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES|DefaultScope, {33BB0A4E-99AF-4226-BDF6-49120163DE86}, Gut: ({0633EE93-D776-472f-A0FF-E1416B8B2E3A}), Schlecht: ({33BB0A4E-99AF-4226-BDF6-49120163DE86}),Ersetzt,[566eb3ee85f626100426c5e537cda759]
PUP.Optional.Trovi.A, HKU\S-1-5-21-1296850485-3907825808-2435419184-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, hxxp://www.trovi.com/?gd=&ctid=CT3323829&octid=EB_ORIGINAL_CTID&ISID=M9FD30DC1-0F75-48F8-B665-1DE3C683EBE0&SearchSource=55&CUI=&UM=6&UP=SPAD8AFDB2-2C9B-48A0-86C2-DE4DD2757C4C&SSPV=, Gut: (www.google.com), Schlecht: (hxxp://www.trovi.com/?gd=&ctid=CT3323829&octid=EB_ORIGINAL_CTID&ISID=M9FD30DC1-0F75-48F8-B665-1DE3C683EBE0&SearchSource=55&CUI=&UM=6&UP=SPAD8AFDB2-2C9B-48A0-86C2-DE4DD2757C4C&SSPV=),Ersetzt,[e7dde2bf146785b10d5c2e714eb6e020]

Ordner: 40
PUP.Optional.OffersWizard.A, C:\Program Files (x86)\Common Files\Config, In Quarantäne, [9c28742d2655b1854a4de9da33cf9769], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab, Löschen bei Neustart, [43819e0392e96bcbe4c5a93e867cdb25], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web, In Quarantäne, [43819e0392e96bcbe4c5a93e867cdb25], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img, In Quarantäne, [43819e0392e96bcbe4c5a93e867cdb25], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\weather, In Quarantäne, [43819e0392e96bcbe4c5a93e867cdb25], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\js, In Quarantäne, [43819e0392e96bcbe4c5a93e867cdb25], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales, In Quarantäne, [43819e0392e96bcbe4c5a93e867cdb25], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\en-US, In Quarantäne, [43819e0392e96bcbe4c5a93e867cdb25], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\es-419, In Quarantäne, [43819e0392e96bcbe4c5a93e867cdb25], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\es-ES, In Quarantäne, [43819e0392e96bcbe4c5a93e867cdb25], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\fr-BE, In Quarantäne, [43819e0392e96bcbe4c5a93e867cdb25], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\fr-CA, In Quarantäne, [43819e0392e96bcbe4c5a93e867cdb25], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\fr-CH, In Quarantäne, [43819e0392e96bcbe4c5a93e867cdb25], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\fr-FR, In Quarantäne, [43819e0392e96bcbe4c5a93e867cdb25], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\fr-LU, In Quarantäne, [43819e0392e96bcbe4c5a93e867cdb25], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\it-CH, In Quarantäne, [43819e0392e96bcbe4c5a93e867cdb25], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\it-IT, In Quarantäne, [43819e0392e96bcbe4c5a93e867cdb25], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\pl, In Quarantäne, [43819e0392e96bcbe4c5a93e867cdb25], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\pt, In Quarantäne, [43819e0392e96bcbe4c5a93e867cdb25], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\pt-BR, In Quarantäne, [43819e0392e96bcbe4c5a93e867cdb25], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\ru, In Quarantäne, [43819e0392e96bcbe4c5a93e867cdb25], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\ru-MO, In Quarantäne, [43819e0392e96bcbe4c5a93e867cdb25], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\tr-TR, In Quarantäne, [43819e0392e96bcbe4c5a93e867cdb25], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\vi-VI, In Quarantäne, [43819e0392e96bcbe4c5a93e867cdb25], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\zh-CN, In Quarantäne, [43819e0392e96bcbe4c5a93e867cdb25], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\zh-TW, In Quarantäne, [43819e0392e96bcbe4c5a93e867cdb25], 
Rogue.Multiple, C:\ProgramData\374311380, In Quarantäne, [a2226f324a3172c4f314a5ef15edee12], 
PUP.Optional.OpenCandy, C:\Users\Rico\AppData\Roaming\OpenCandy, In Quarantäne, [84404f527209df578a201a89fd05837d], 
PUP.Optional.OpenCandy, C:\Users\Rico\AppData\Roaming\OpenCandy\8130BE1525174DA3B97D3701F7F97513, In Quarantäne, [84404f527209df578a201a89fd05837d], 
PUP.Optional.OpenCandy, C:\Users\Rico\AppData\Roaming\OpenCandy\FEE391BD11614A0D9B3D28DF4D4D6E0A, In Quarantäne, [84404f527209df578a201a89fd05837d], 
PUP.Optional.RRSavings.A, C:\Program Files\RrFilter, In Quarantäne, [b90bf1b02d4e0e28022fe3cc51b1e61a], 
PUP.Optional.RRSavings.A, C:\Program Files\RrFilter\SSL, In Quarantäne, [b90bf1b02d4e0e28022fe3cc51b1e61a], 
PUP.Optional.IePluginServices.A, C:\ProgramData\IePluginServices, Löschen bei Neustart, [af15b2ef9ae1ee488ff216a3db279a66], 
PUP.Optional.IePluginServices.A, C:\ProgramData\IePluginServices\update, In Quarantäne, [af15b2ef9ae1ee488ff216a3db279a66], 
PUP.Optional.WPM.A, C:\ProgramData\WindowsProtectManger, Löschen bei Neustart, [53712b764c2f2e08e74101b97a88ae52], 
PUP.Optional.WPM.A, C:\ProgramData\WindowsProtectManger\log, In Quarantäne, [53712b764c2f2e08e74101b97a88ae52], 
PUP.Optional.WPM.A, C:\ProgramData\WindowsProtectManger\update, In Quarantäne, [53712b764c2f2e08e74101b97a88ae52], 
PUP.Optional.FreeSoftToday.A, C:\Users\Rico\AppData\Local\freeSOFTtoday, In Quarantäne, [91338a1792e9b581b65775484db5d42c], 
PUP.Optional.FreeSoftToday.A, C:\Users\Rico\AppData\Local\freeSOFTtoday\freeSOFTtoday, In Quarantäne, [91338a1792e9b581b65775484db5d42c], 
PUP.Optional.FreeSoftToday.A, C:\Users\Rico\AppData\Local\freeSOFTtoday\freeSOFTtoday\1.0, In Quarantäne, [91338a1792e9b581b65775484db5d42c], 

Dateien: 77
PUP.Optional.IePluginService.A, C:\ProgramData\IePluginServices\PluginService.exe, Löschen bei Neustart, [5173ecb5205bc175e0853d21b44d5fa1], 
PUP.Optional.Skytech.A, C:\Program Files (x86)\SupTab\DpInterface32.dll, Löschen bei Neustart, [b212029f2f4cd4624271414c25dc8977], 
PUP.Optional.WPM.A, C:\ProgramData\WindowsProtectManger\wprotectmanager.exe, Löschen bei Neustart, [bf05079a3447251180df4c45df2232ce], 
PUP.Optional.Skytech.A, C:\Program Files (x86)\SupTab\SearchProtect64.dll, In Quarantäne, [9133e0c1bac1e25422917b12a75aac54], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\SupTab.dll, In Quarantäne, [f9cb8d146f0cbc7a0b789fbcae548e72], 
PUP.Optional.Conduit.A, C:\Users\Rico\AppData\Roaming\OpenCandy\8130BE1525174DA3B97D3701F7F97513\SSStub_SearchProtect_p1v0.exe, In Quarantäne, [576d445ddf9cb680c9d376aed928e51b], 
PUP.Optional.Skytech.A, C:\$RECYCLE.BIN\S-1-5-21-1296850485-3907825808-2435419184-1000\$RIXN03Z\UninstallManager.exe, In Quarantäne, [e4e0594882f92511159e0984758c43bd], 
PUP.Optional.AdPeak.A, C:\temp\t.msi, In Quarantäne, [fec60c95bac1d95dcbdc4253f311f709], 
PUP.Optional.Amonetize, C:\Windows\SysWOW64\nethtsrv.exe, In Quarantäne, [5173c8d96f0c40f63fc22c69cb36f50b], 
PUP.Optional.Amonetize, C:\Windows\SysWOW64\netupdsrv.exe, In Quarantäne, [b014445dd4a75cdac240346116eb07f9], 
PUP.Optional.NetFilter, C:\Windows\System32\drivers\nethfdrv.sys, In Quarantäne, [9e26059caad15dd9a8877421dd24ec14], 
PUP.Optional.OptimumInstaller.A, C:\Users\Rico\Downloads\setup.exe, In Quarantäne, [d8ecf2af265543f3d6ea9eb739c87f81], 
PUP.Optional.OffersWizard.A, C:\Program Files (x86)\Common Files\Config\ver.xml, In Quarantäne, [9c28742d2655b1854a4de9da33cf9769], 
PUP.Optional.OffersWizard.A, C:\Program Files (x86)\Common Files\Config\data.xml, In Quarantäne, [9c28742d2655b1854a4de9da33cf9769], 
PUP.Optional.OffersWizard.A, C:\Program Files (x86)\Common Files\Config\uninstinethnfd.exe, In Quarantäne, [9c28742d2655b1854a4de9da33cf9769], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\install.data, In Quarantäne, [43819e0392e96bcbe4c5a93e867cdb25], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\DpInterface64.dll, In Quarantäne, [43819e0392e96bcbe4c5a93e867cdb25], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\DpInterfacef32.dll, In Quarantäne, [43819e0392e96bcbe4c5a93e867cdb25], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\ient.json, In Quarantäne, [43819e0392e96bcbe4c5a93e867cdb25], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\RSHP.exe, In Quarantäne, [43819e0392e96bcbe4c5a93e867cdb25], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\SpAPPSv32.dll, In Quarantäne, [43819e0392e96bcbe4c5a93e867cdb25], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\SpAPPSv64.dll, In Quarantäne, [43819e0392e96bcbe4c5a93e867cdb25], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\uninstall.exe, In Quarantäne, [43819e0392e96bcbe4c5a93e867cdb25], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\WebDataJs, In Quarantäne, [43819e0392e96bcbe4c5a93e867cdb25], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\data.html, In Quarantäne, [43819e0392e96bcbe4c5a93e867cdb25], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\indexIE.html, In Quarantäne, [43819e0392e96bcbe4c5a93e867cdb25], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\indexIE8.html, In Quarantäne, [43819e0392e96bcbe4c5a93e867cdb25], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\main.css, In Quarantäne, [43819e0392e96bcbe4c5a93e867cdb25], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\ver.txt, In Quarantäne, [43819e0392e96bcbe4c5a93e867cdb25], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\arrow.png, In Quarantäne, [43819e0392e96bcbe4c5a93e867cdb25], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\default_add_logo.png, In Quarantäne, [43819e0392e96bcbe4c5a93e867cdb25], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\default_add_logo_hover.png, In Quarantäne, [43819e0392e96bcbe4c5a93e867cdb25], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\default_logo.png, In Quarantäne, [43819e0392e96bcbe4c5a93e867cdb25], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\googlelogo.png, In Quarantäne, [43819e0392e96bcbe4c5a93e867cdb25], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\googlelogo2.png, In Quarantäne, [43819e0392e96bcbe4c5a93e867cdb25], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\google_trends.png, In Quarantäne, [43819e0392e96bcbe4c5a93e867cdb25], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\icon128.png, In Quarantäne, [43819e0392e96bcbe4c5a93e867cdb25], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\icon16.png, In Quarantäne, [43819e0392e96bcbe4c5a93e867cdb25], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\icon48.png, In Quarantäne, [43819e0392e96bcbe4c5a93e867cdb25], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\loading.gif, In Quarantäne, [43819e0392e96bcbe4c5a93e867cdb25], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\logo32.ico, In Quarantäne, [43819e0392e96bcbe4c5a93e867cdb25], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\weather\0.png, In Quarantäne, [43819e0392e96bcbe4c5a93e867cdb25], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\js\common.js, In Quarantäne, [43819e0392e96bcbe4c5a93e867cdb25], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\js\ga.js, In Quarantäne, [43819e0392e96bcbe4c5a93e867cdb25], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\js\ie8.js, In Quarantäne, [43819e0392e96bcbe4c5a93e867cdb25], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\js\jquery-1.11.0.min.js, In Quarantäne, [43819e0392e96bcbe4c5a93e867cdb25], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\js\jquery.autocomplete.js, In Quarantäne, [43819e0392e96bcbe4c5a93e867cdb25], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\js\js.js, In Quarantäne, [43819e0392e96bcbe4c5a93e867cdb25], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\js\library.js, In Quarantäne, [43819e0392e96bcbe4c5a93e867cdb25], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\js\xagainit.js, In Quarantäne, [43819e0392e96bcbe4c5a93e867cdb25], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\en-US\messages.json, In Quarantäne, [43819e0392e96bcbe4c5a93e867cdb25], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\es-419\messages.json, In Quarantäne, [43819e0392e96bcbe4c5a93e867cdb25], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\es-ES\messages.json, In Quarantäne, [43819e0392e96bcbe4c5a93e867cdb25], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\fr-BE\messages.json, In Quarantäne, [43819e0392e96bcbe4c5a93e867cdb25], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\fr-CA\messages.json, In Quarantäne, [43819e0392e96bcbe4c5a93e867cdb25], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\fr-CH\messages.json, In Quarantäne, [43819e0392e96bcbe4c5a93e867cdb25], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\fr-FR\messages.json, In Quarantäne, [43819e0392e96bcbe4c5a93e867cdb25], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\fr-LU\messages.json, In Quarantäne, [43819e0392e96bcbe4c5a93e867cdb25], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\it-CH\messages.json, In Quarantäne, [43819e0392e96bcbe4c5a93e867cdb25], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\it-IT\messages.json, In Quarantäne, [43819e0392e96bcbe4c5a93e867cdb25], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\pl\messages.json, In Quarantäne, [43819e0392e96bcbe4c5a93e867cdb25], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\pt\messages.json, In Quarantäne, [43819e0392e96bcbe4c5a93e867cdb25], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\pt-BR\messages.json, In Quarantäne, [43819e0392e96bcbe4c5a93e867cdb25], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\ru\messages.json, In Quarantäne, [43819e0392e96bcbe4c5a93e867cdb25], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\ru-MO\messages.json, In Quarantäne, [43819e0392e96bcbe4c5a93e867cdb25], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\tr-TR\messages.json, In Quarantäne, [43819e0392e96bcbe4c5a93e867cdb25], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\vi-VI\messages.json, In Quarantäne, [43819e0392e96bcbe4c5a93e867cdb25], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\zh-CN\messages.json, In Quarantäne, [43819e0392e96bcbe4c5a93e867cdb25], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\zh-TW\messages.json, In Quarantäne, [43819e0392e96bcbe4c5a93e867cdb25], 
Rogue.Multiple, C:\ProgramData\374311380\BITACB5.tmp, In Quarantäne, [a2226f324a3172c4f314a5ef15edee12], 
PUP.Optional.OpenCandy, C:\Users\Rico\AppData\Roaming\OpenCandy\FEE391BD11614A0D9B3D28DF4D4D6E0A\Trial-14.0.1000.89_de-DE_1004732_DE-1.exe, In Quarantäne, [84404f527209df578a201a89fd05837d], 
PUP.Optional.IePluginServices.A, C:\ProgramData\IePluginServices\update\conf, In Quarantäne, [af15b2ef9ae1ee488ff216a3db279a66], 
PUP.Optional.WPM.A, C:\ProgramData\WindowsProtectManger\log\wprotectmanager_2014-06-18[10-51-11-342].log, In Quarantäne, [53712b764c2f2e08e74101b97a88ae52], 
PUP.Optional.WPM.A, C:\ProgramData\WindowsProtectManger\update\conf, In Quarantäne, [53712b764c2f2e08e74101b97a88ae52], 
PUP.Optional.FreeSoftToday.A, C:\Users\Rico\AppData\Local\freeSOFTtoday\freeSOFTtoday\1.0\freeSOFTtoday.cyl, In Quarantäne, [91338a1792e9b581b65775484db5d42c], 
PUP.Optional.WebsSearches.A, C:\Users\Rico\AppData\Local\Google\Chrome\User Data\Default\Preferences, Gut: (), Schlecht: (      "startup_urls": [ "hxxp://istart.webssearches.com/?type=hppp&ts=1405608273&from=amt&uid=WDCXWD3200BEVS-26VAT0_WD-WXK0E59ARH57ARH57" ],), Ersetzt,[9430f5acdf9c63d370b09841a95b867a]
PUP.Optional.WebsSearches.A, C:\Users\Rico\AppData\Local\Google\Chrome\User Data\Default\Preferences, Gut: (), Schlecht: (   "homepage": "hxxp://istart.webssearches.com/?type=hppp&ts=1405608273&from=amt&uid=WDCXWD3200BEVS-26VAT0_WD-WXK0E59ARH57ARH57",), Ersetzt,[d7ed7928a8d393a3210015c4f90b06fa]

Physische Sektoren: 0
(No malicious items detected)


(end)
Code:
ATTFilter
# AdwCleaner v3.216 - Bericht erstellt am 20/07/2014 um 20:12:53
# Aktualisiert 17/07/2014 von Xplode
# Betriebssystem : Windows 7 Professional Service Pack 1 (64 bits)
# Benutzername : Rico - RICO-PC
# Gestartet von : C:\Users\Rico\Downloads\adwcleaner_3.216.exe
# Option : Löschen

***** [ Dienste ] *****

[#] Dienst Gelöscht : globalUpdatem

***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\ProgramData\Registry Helper
Ordner Gelöscht : C:\Program Files (x86)\globalUpdate
Ordner Gelöscht : C:\Program Files (x86)\predm
Ordner Gelöscht : C:\Program Files\002
Ordner Gelöscht : C:\Users\Rico\AppData\Local\Browsersafeguard
Ordner Gelöscht : C:\Users\Rico\AppData\Local\globalUpdate
Ordner Gelöscht : C:\Users\Rico\AppData\Roaming\InetStat
Ordner Gelöscht : C:\Users\Rico\AppData\Roaming\SupTab
Datei Gelöscht : C:\END
Datei Gelöscht : C:\Windows\SysWOW64\hfpapi.dll
Datei Gelöscht : C:\Windows\SysWOW64\installd.exe
Datei Gelöscht : C:\Windows\SysWOW64\RegistryHelperLM.ocx

***** [ Verknüpfungen ] *****

Verknüpfung Desinfiziert : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk
Verknüpfung Desinfiziert : C:\Users\Rico\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
Verknüpfung Desinfiziert : C:\Users\Rico\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk
Verknüpfung Desinfiziert : C:\Users\Rico\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
Verknüpfung Desinfiziert : C:\Users\Rico\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk
Verknüpfung Desinfiziert : C:\Users\Rico\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk

***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\bopakagnckmlgajfccecajhnimjiiedh
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\WajamInternetEnhancer_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\WajamInternetEnhancer_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{00B11DA2-75ED-4364-ABA5-9A95B1F5E946}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{917CAAE9-DD47-4025-936E-1414F07DF5B8}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{917CAAE9-DD47-4025-936E-1414F07DF5B8}
Schlüssel Gelöscht : HKCU\Software\genesis
Schlüssel Gelöscht : HKCU\Software\GlobalUpdate
Schlüssel Gelöscht : HKCU\Software\Optimizer Pro
Schlüssel Gelöscht : HKCU\Software\TutoTag
Schlüssel Gelöscht : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Schlüssel Gelöscht : HKLM\Software\{1146AC44-2F03-4431-B4FD-889BC837521F}
Schlüssel Gelöscht : HKLM\Software\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Schlüssel Gelöscht : HKLM\Software\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Schlüssel Gelöscht : HKLM\Software\Free_soft_today
Schlüssel Gelöscht : HKLM\Software\GlobalUpdate
Schlüssel Gelöscht : HKLM\Software\Registry Helper
Schlüssel Gelöscht : HKLM\Software\SupDp
Schlüssel Gelöscht : HKLM\Software\SupTab
Schlüssel Gelöscht : HKLM\Software\Tutorials
Schlüssel Gelöscht : HKLM\Software\Wpm
Daten Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\SupTab\SEARCH~1.DLL

***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.17207

Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]

-\\ Google Chrome v36.0.1985.125

[ Datei : C:\Users\Rico\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Gelöscht [Search Provider] : hxxp://istart.webssearches.com/web/?type=dspp&ts=1405875039&from=amt&uid=WDCXWD3200BEVS-26VAT0_WD-WXK0E59ARH57ARH57&q={searchTerms}
Gelöscht [Extension] : bopakagnckmlgajfccecajhnimjiiedh

*************************

AdwCleaner[R0].txt - [5277 octets] - [20/07/2014 20:11:39]
AdwCleaner[S0].txt - [4204 octets] - [20/07/2014 20:12:53]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [4264 octets] ##########
Code:
ATTFilter
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Professional x64
Ran by Rico on 20.07.2014 at 20:42:12,38
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 20.07.2014 at 20:55:23,82
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

FRST Logfile:

FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 20-07-2014
Ran by Rico (administrator) on RICO-PC on 20-07-2014 20:56:30
Running from C:\Users\Rico\Downloads
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
(Dropbox, Inc.) C:\Users\Rico\AppData\Roaming\Dropbox\bin\Dropbox.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Ai Charger\AiChargerAP.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Apple Computer, Inc.) C:\Program Files (x86)\QuickTime\qttask.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
(Opera Software) C:\Program Files (x86)\Opera\22.0.1471.50\opera.exe
() C:\Program Files (x86)\Opera\22.0.1471.50\opera_crashreporter.exe
(Opera Software) C:\Program Files (x86)\Opera\22.0.1471.50\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\22.0.1471.50\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\22.0.1471.50\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\22.0.1471.50\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\22.0.1471.50\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\22.0.1471.50\opera.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2885904 2012-04-04] (Synaptics Incorporated)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1271072 2014-03-11] (Microsoft Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [558496 2014-02-27] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [641704 2012-11-16] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [AMD AVT] => C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe [20992 2012-03-19] ()
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [ASUS Ai Charger] => C:\Program Files (x86)\ASUS\ASUS Ai Charger\AiChargerAP.exe [547984 2012-08-13] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [224128 2014-03-04] (Oracle Corporation)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\qttask.exe [77824 2014-06-07] (Apple Computer, Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe [3499896 2014-05-08] (Adobe Systems Inc.)
HKU\S-1-5-21-1296850485-3907825808-2435419184-1000\...\Run: [OfficeSyncProcess] => C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE [720064 2013-04-22] (Microsoft Corporation)
HKU\S-1-5-21-1296850485-3907825808-2435419184-1000\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3696912 2014-03-04] (Disc Soft Ltd)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)
Startup: C:\Users\Rico\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Rico\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: DropboxExt4 -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x005ADF4C7C42CF01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM-x32 - DefaultScope value is missing.
SearchScopes: HKCU - URL hxxp://www.trovigo.com/Results.aspx?gd=&ctid=CT3319434&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=5&UP=SPEFC849AC-009D-49B5-B945-6CD5047C9535&q={searchTerms}&SSPV=
SearchScopes: HKCU - SuggestionsURL_JSON hxxp://suggest.search.conduit.com/CSuggestJson.ashx?prefix={searchTerms}
BHO: Citavi Picker -> {609D670F-B735-4da7-AC6D-F3BD358E325E} -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre8\bin\ssv.dll (Oracle Corporation)
BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre8\bin\jp2ssv.dll (Oracle Corporation)
BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus64.dll (Adblock Plus)
BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: Citavi Picker -> {609D670F-B735-4da7-AC6D-F3BD358E325E} -> C:\Windows\SysWOW64\mscoree.dll (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus32.dll (Adblock Plus)
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()
FF Plugin: @java.com/DTPlugin,version=11.0.2 - C:\Program Files\Java\jre8\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.0.2 - C:\Program Files\Java\jre8\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Acrobat - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn [2014-07-20]

Chrome: 
=======
CHR HomePage: 
CHR DefaultSearchKeyword: webssearches
CHR Extension: (Google Docs) - C:\Users\Rico\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-07-17]
CHR Extension: (Google Drive) - C:\Users\Rico\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-07-17]
CHR Extension: (YouTube) - C:\Users\Rico\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-07-17]
CHR Extension: (Google-Suche) - C:\Users\Rico\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-07-17]
CHR Extension: (Adobe Acrobat – PDF-Datei erstellen) - C:\Users\Rico\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2014-07-17]
CHR Extension: (Google Wallet) - C:\Users\Rico\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-07-17]
CHR Extension: (Citavi Picker) - C:\Users\Rico\AppData\Local\Google\Chrome\User Data\Default\Extensions\ohgndokldibnndfnjnagojmheejlengn [2014-07-20]
CHR Extension: (Google Mail) - C:\Users\Rico\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-07-17]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx [2014-05-08]
CHR HKLM-x32\...\Chrome\Extension: [ohgndokldibnndfnjnagojmheejlengn] - C:\Program Files (x86)\Citavi 4\Pickers\Chrome\ChromePicker.crx [2014-02-07]

==================== Services (Whitelisted) =================

R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2014-03-11] (Microsoft Corporation)
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [347872 2014-03-11] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

R3 AiCharger; C:\Windows\SysWow64\drivers\AiCharger.sys [14848 2012-03-22] (ASUSTek Computer Inc.)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2014-03-18] (Disc Soft Ltd)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-07-20] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [268512 2014-01-25] (Microsoft Corporation)
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133928 2014-03-11] (Microsoft Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-07-20 20:56 - 2014-07-20 20:56 - 00015220 _____ () C:\Users\Rico\Downloads\FRST.txt
2014-07-20 20:56 - 2014-07-20 20:56 - 00000000 ____D () C:\Users\Rico\Downloads\FRST-OlderVersion
2014-07-20 20:55 - 2014-07-20 20:55 - 00000624 _____ () C:\Users\Rico\Desktop\JRT.txt
2014-07-20 20:18 - 2014-07-20 20:18 - 01016261 _____ (Thisisu) C:\Users\Rico\Downloads\JRT.exe
2014-07-20 20:18 - 2014-07-20 20:18 - 00000000 ____D () C:\Windows\ERUNT
2014-07-20 20:15 - 2014-07-20 20:15 - 00004348 _____ () C:\Users\Rico\Desktop\AdwCleaner[S0].txt
2014-07-20 20:12 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-07-20 20:11 - 2014-07-20 20:12 - 00000000 ____D () C:\AdwCleaner
2014-07-20 20:11 - 2014-07-20 20:11 - 01354223 _____ () C:\Users\Rico\Downloads\adwcleaner_3.216.exe
2014-07-20 20:07 - 2014-07-20 20:07 - 00022999 _____ () C:\Users\Rico\Desktop\mbam.txt
2014-07-20 19:17 - 2014-07-20 20:39 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-07-20 19:17 - 2014-07-20 19:17 - 00001106 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-07-20 19:17 - 2014-07-20 19:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-07-20 19:17 - 2014-07-20 19:17 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-07-20 19:17 - 2014-07-20 19:17 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-07-20 19:17 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-07-20 19:17 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-07-20 19:17 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-07-20 19:15 - 2014-07-20 19:16 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Rico\Downloads\mbam-setup-2.0.2.1012.exe
2014-07-20 18:42 - 2014-07-20 18:42 - 00000000 ____D () C:\Users\Rico\AppData\Local\Swiss Academic Software
2014-07-20 17:18 - 2014-07-20 17:50 - 00002453 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat XI Pro.lnk
2014-07-20 17:18 - 2014-07-20 17:50 - 00002210 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe FormsCentral.lnk
2014-07-20 17:18 - 2014-07-20 17:50 - 00002049 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat Distiller XI.lnk
2014-07-20 17:18 - 2014-07-20 17:18 - 00002140 _____ () C:\Users\Public\Desktop\Adobe FormsCentral.lnk
2014-07-20 17:18 - 2014-07-20 17:18 - 00002026 _____ () C:\Users\Public\Desktop\Adobe Acrobat XI Pro.lnk
2014-07-20 16:39 - 2014-07-20 16:39 - 00020494 _____ () C:\ComboFix.txt
2014-07-20 16:26 - 2014-07-20 18:50 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-07-20 16:25 - 2014-07-20 16:25 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Rico\Downloads\revosetup95.exe
2014-07-18 10:13 - 2014-07-20 18:56 - 00000000 ____D () C:\Users\Rico\Documents\Citavi 4
2014-07-18 10:13 - 2014-07-20 18:56 - 00000000 ____D () C:\Users\Rico\AppData\Roaming\Swiss Academic Software
2014-07-18 10:13 - 2014-07-18 10:13 - 00000000 ____D () C:\ProgramData\Swiss Academic Software
2014-07-18 09:50 - 2014-07-18 09:50 - 00001949 _____ () C:\Users\Public\Desktop\Citavi 4.lnk
2014-07-18 09:50 - 2014-07-18 09:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Citavi 4
2014-07-18 09:48 - 2014-07-18 09:50 - 00000000 ____D () C:\Program Files (x86)\Citavi 4
2014-07-18 09:46 - 2014-07-18 09:46 - 00000000 ____D () C:\Users\Rico\AppData\Local\Downloaded Installations
2014-07-17 17:59 - 2014-07-18 13:03 - 01592824 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-07-17 17:50 - 2014-07-17 17:51 - 88342536 _____ (Swiss Academic Software) C:\Users\Rico\Downloads\Citavi4Setup.exe
2014-07-17 17:03 - 2014-07-17 17:03 - 00380416 _____ () C:\Users\Rico\Downloads\Gmer-19357.exe
2014-07-17 17:00 - 2014-07-20 20:56 - 00000000 ____D () C:\FRST
2014-07-17 16:59 - 2014-07-20 20:56 - 02089984 _____ (Farbar) C:\Users\Rico\Downloads\FRST64.exe
2014-07-17 16:58 - 2014-07-17 16:58 - 00000168 _____ () C:\Users\Rico\defogger_reenable
2014-07-17 16:57 - 2014-07-17 16:57 - 00050477 _____ () C:\Users\Rico\Downloads\Defogger.exe
2014-07-17 16:44 - 2014-07-20 20:39 - 00001736 _____ () C:\Windows\setupact.log
2014-07-17 16:44 - 2014-07-17 16:44 - 00000000 _____ () C:\Windows\setuperr.log
2014-07-17 16:43 - 2014-07-20 20:13 - 00147474 _____ () C:\Windows\PFRO.log
2014-07-17 16:32 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-07-17 16:32 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-07-17 16:32 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-07-17 16:32 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-07-17 16:32 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-07-17 16:32 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2014-07-17 16:32 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2014-07-17 16:32 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2014-07-17 16:30 - 2014-07-20 16:39 - 00000000 ____D () C:\Qoobox
2014-07-17 16:30 - 2014-07-17 16:47 - 00000000 ____D () C:\Windows\erdnt
2014-07-17 16:28 - 2014-07-17 16:28 - 00003114 _____ () C:\Windows\System32\Tasks\{A5DB3CBF-5CD9-4D0C-A0CE-2315700566F5}
2014-07-17 16:25 - 2014-07-20 16:30 - 05222180 ____R (Swearware) C:\Users\Rico\Downloads\ComboFix.exe
2014-07-17 16:24 - 2014-07-17 16:26 - 00000000 ____D () C:\ProgramData\TEMP
2014-07-17 16:24 - 2014-07-17 16:25 - 00003238 _____ () C:\Windows\System32\Tasks\Optimizer Pro Schedule
2014-07-17 16:22 - 2014-07-17 16:22 - 00002251 _____ () C:\Users\Rico\Desktop\Google Chrome.lnk
2014-07-17 15:39 - 2014-07-17 15:40 - 04812672 _____ (Piriform Ltd) C:\Users\Rico\Downloads\ccsetup415.exe
2014-07-17 14:41 - 2014-07-17 14:41 - 00000687 _____ () C:\awh10A2.tmp
2014-07-17 12:49 - 2014-07-17 12:49 - 00000687 _____ () C:\awhECE.tmp
2014-07-16 12:45 - 2014-07-16 12:45 - 00000687 _____ () C:\awhC9D.tmp
2014-07-15 10:15 - 2014-07-15 10:15 - 00000687 _____ () C:\awh878.tmp
2014-07-14 15:57 - 2014-07-14 18:57 - 00074626 _____ () C:\Users\Rico\Desktop\Projektphasen.pptx
2014-07-14 13:54 - 2014-07-14 13:54 - 00000687 _____ () C:\awh8A7.tmp
2014-07-11 16:37 - 2014-07-17 16:30 - 01043188 _____ () C:\Users\Rico\AppData\Local\uucbbppw.gss
2014-07-11 16:37 - 2014-07-17 16:30 - 00184320 _____ () C:\Users\Rico\AppData\Local\uucbbppw.gdb
2014-07-10 20:19 - 2014-07-10 20:19 - 00000687 _____ () C:\awh962.tmp
2014-07-10 17:55 - 2014-07-10 19:15 - 00000000 ____D () C:\Users\Rico\Desktop\Zeug für Bewerbung
2014-07-10 14:52 - 2014-07-10 14:52 - 00000687 _____ () C:\awh1FA0.tmp
2014-07-09 11:46 - 2014-07-09 11:46 - 00002832 _____ () C:\Users\Rico\Downloads\Antwort_ 7_1 Schland.zip
2014-07-09 11:20 - 2014-07-09 11:20 - 00000687 _____ () C:\awh9829.tmp
2014-07-09 09:37 - 2014-06-20 22:14 - 00266424 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-07-09 09:37 - 2014-06-20 21:39 - 00240824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-07-09 09:37 - 2014-06-19 03:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-07-09 09:37 - 2014-06-19 03:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-07-09 09:37 - 2014-06-19 02:48 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-07-09 09:37 - 2014-06-19 02:42 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-07-09 09:37 - 2014-06-19 02:42 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-07-09 09:37 - 2014-06-19 02:41 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-07-09 09:37 - 2014-06-19 02:41 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-07-09 09:37 - 2014-06-19 02:32 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-07-09 09:37 - 2014-06-19 02:31 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-07-09 09:37 - 2014-06-19 02:26 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-07-09 09:37 - 2014-06-19 02:24 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-07-09 09:37 - 2014-06-19 02:24 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-07-09 09:37 - 2014-06-19 02:23 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-07-09 09:37 - 2014-06-19 02:16 - 17276416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-07-09 09:37 - 2014-06-19 02:09 - 00452608 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-07-09 09:37 - 2014-06-19 01:59 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-07-09 09:37 - 2014-06-19 01:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-07-09 09:37 - 2014-06-19 01:53 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-07-09 09:37 - 2014-06-19 01:51 - 05721088 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-07-09 09:37 - 2014-06-19 01:50 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-07-09 09:37 - 2014-06-19 01:48 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-07-09 09:37 - 2014-06-19 01:39 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-07-09 09:37 - 2014-06-19 01:38 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-07-09 09:37 - 2014-06-19 01:37 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-07-09 09:37 - 2014-06-19 01:36 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-07-09 09:37 - 2014-06-19 01:35 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-07-09 09:37 - 2014-06-19 01:33 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-07-09 09:37 - 2014-06-19 01:32 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-07-09 09:37 - 2014-06-19 01:28 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-07-09 09:37 - 2014-06-19 01:28 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-07-09 09:37 - 2014-06-19 01:27 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-07-09 09:37 - 2014-06-19 01:27 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-07-09 09:37 - 2014-06-19 01:25 - 00442368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-07-09 09:37 - 2014-06-19 01:23 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-07-09 09:37 - 2014-06-19 01:22 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-07-09 09:37 - 2014-06-19 01:12 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-07-09 09:37 - 2014-06-19 01:06 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-07-09 09:37 - 2014-06-19 01:01 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-07-09 09:37 - 2014-06-19 00:59 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-07-09 09:37 - 2014-06-19 00:58 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-07-09 09:37 - 2014-06-19 00:58 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-07-09 09:37 - 2014-06-19 00:52 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-07-09 09:37 - 2014-06-19 00:51 - 13527040 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-07-09 09:37 - 2014-06-19 00:49 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-07-09 09:37 - 2014-06-19 00:46 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-07-09 09:37 - 2014-06-19 00:45 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-07-09 09:37 - 2014-06-19 00:35 - 11742208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-07-09 09:37 - 2014-06-19 00:34 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-07-09 09:37 - 2014-06-19 00:15 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-07-09 09:37 - 2014-06-19 00:13 - 01791488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-07-09 09:37 - 2014-06-19 00:09 - 01139200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-07-09 09:37 - 2014-06-19 00:07 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-07-09 09:37 - 2014-06-18 04:18 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\osk.exe
2014-07-09 09:37 - 2014-06-18 03:51 - 00646144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\osk.exe
2014-07-09 09:37 - 2014-06-18 03:10 - 03157504 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-07-09 09:37 - 2014-06-06 12:10 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-07-09 09:37 - 2014-06-06 11:44 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-07-09 09:37 - 2014-05-30 08:45 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2014-07-09 09:36 - 2014-06-19 03:39 - 23464448 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-07-09 09:36 - 2014-06-19 02:14 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-07-09 09:36 - 2014-06-05 16:45 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-07-09 09:36 - 2014-06-05 16:26 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-07-09 09:36 - 2014-06-05 16:25 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-07-09 09:29 - 2014-07-09 09:29 - 00000687 _____ () C:\awh6F2.tmp
2014-07-08 16:51 - 2014-07-10 20:48 - 00000000 ____D () C:\Users\Rico\Desktop\Samson
2014-07-07 19:39 - 2014-07-07 19:39 - 00000687 _____ () C:\awh34F4.tmp
2014-07-07 13:57 - 2014-07-07 13:57 - 00000687 _____ () C:\awh1D30.tmp
2014-07-07 10:02 - 2014-07-07 10:02 - 00000687 _____ () C:\awhFD03.tmp
2014-07-07 09:08 - 2014-07-07 09:08 - 00000687 _____ () C:\awh1C27.tmp
2014-07-06 21:48 - 2014-07-06 21:49 - 21169658 _____ () C:\Users\Rico\Downloads\PDFverkleinern_flv.mp4
2014-07-06 20:58 - 2014-07-06 20:58 - 00000687 _____ () C:\awh5791.tmp
2014-07-06 20:57 - 2014-07-06 20:57 - 00000000 ____D () C:\Users\Rico\Desktop\PA MA-Bau
2014-07-06 20:10 - 2014-07-10 20:46 - 00000000 ____D () C:\Users\Rico\Desktop\South Africa
2014-07-06 19:53 - 2014-07-06 19:53 - 00014201 _____ () C:\Users\Rico\Downloads\AW_ letter of motivation.zip
2014-07-06 18:33 - 2014-07-06 18:33 - 00000687 _____ () C:\awh981.tmp
2014-07-06 18:15 - 2014-07-06 18:15 - 00000000 ____D () C:\Users\Default\AppData\Local\Microsoft Help
2014-07-06 18:15 - 2014-07-06 18:15 - 00000000 ____D () C:\Users\Default User\AppData\Local\Microsoft Help
2014-07-06 11:59 - 2014-07-06 11:59 - 00000000 ____D () C:\Program Files\Adblock Plus for IE
2014-07-06 11:35 - 2014-07-06 11:35 - 00000687 _____ () C:\awh20D8.tmp
2014-07-05 15:02 - 2014-07-05 15:08 - 00000000 ____D () C:\Users\Rico\Documents\Wohnung
2014-07-05 12:43 - 2014-07-05 12:43 - 00002117 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2014-07-05 12:43 - 2014-07-05 12:43 - 00001912 _____ () C:\Windows\epplauncher.mif
2014-07-05 12:43 - 2014-07-05 12:43 - 00000000 ____D () C:\Program Files\Microsoft Security Client
2014-07-05 12:43 - 2014-07-05 12:43 - 00000000 ____D () C:\Program Files (x86)\Microsoft Security Client
2014-07-02 17:27 - 2014-07-02 17:27 - 00003164 _____ () C:\Windows\System32\Tasks\{1F6C3454-9EA5-4C60-9934-47B8882F17C4}
2014-07-02 14:21 - 2014-07-02 14:21 - 00000687 _____ () C:\awhEC9F.tmp
2014-07-01 13:38 - 2014-07-01 13:38 - 00000687 _____ () C:\awhE7EE.tmp
2014-06-30 20:56 - 2014-06-30 20:56 - 00009470 _____ () C:\Users\Rico\Desktop\Mietaufstellung.xlsx
2014-06-30 18:01 - 2014-06-30 18:01 - 00000687 _____ () C:\awhEAAC.tmp
2014-06-30 08:43 - 2014-06-30 08:43 - 00000687 _____ () C:\awhEEA2.tmp
2014-06-30 06:48 - 2014-06-30 06:48 - 00000687 _____ () C:\awhE8E7.tmp
2014-06-29 20:06 - 2014-06-29 20:06 - 00000687 _____ () C:\awhEC60.tmp
2014-06-29 16:34 - 2014-06-29 16:34 - 00000687 _____ () C:\awhEC51.tmp
2014-06-29 08:17 - 2014-06-29 08:17 - 00000687 _____ () C:\awhE407.tmp
2014-06-27 12:05 - 2014-06-27 12:05 - 00000687 _____ () C:\awh28F.tmp
2014-06-26 12:06 - 2014-06-26 12:07 - 00029732 _____ () C:\Program.RPT
2014-06-26 09:02 - 2014-06-26 09:02 - 00000687 _____ () C:\awhE9C2.tmp
2014-06-25 23:04 - 2014-06-25 23:04 - 00011009 _____ () C:\Users\Rico\Desktop\urlaub.xlsx
2014-06-25 09:48 - 2014-06-25 09:48 - 00000687 _____ () C:\awhF23A.tmp
2014-06-24 15:52 - 2014-06-24 15:52 - 00000687 _____ () C:\awhF0E3.tmp
2014-06-24 07:57 - 2014-06-24 07:57 - 00000687 _____ () C:\awhF1CD.tmp
2014-06-23 09:23 - 2014-06-23 09:23 - 00000687 _____ () C:\awh2D46.tmp
2014-06-22 08:54 - 2014-06-22 08:54 - 00000687 _____ () C:\awhEACB.tmp
2014-06-22 02:09 - 2014-06-22 02:09 - 00000687 _____ () C:\awhF0B4.tmp
2014-06-21 15:29 - 2014-06-21 15:29 - 00000687 _____ () C:\awh1756.tmp
2014-06-20 22:35 - 2014-06-20 22:35 - 00000687 _____ () C:\awh7FB.tmp
2014-06-20 11:49 - 2014-06-20 11:49 - 00000687 _____ () C:\awh20F7.tmp
2014-06-20 11:40 - 2014-06-20 11:40 - 00013356 _____ () C:\Program1.RPT
2014-06-20 08:43 - 2014-06-20 08:43 - 00000687 _____ () C:\awhAAA.tmp

==================== One Month Modified Files and Folders =======

2014-07-20 20:57 - 2014-07-20 20:56 - 00015220 _____ () C:\Users\Rico\Downloads\FRST.txt
2014-07-20 20:56 - 2014-07-20 20:56 - 00000000 ____D () C:\Users\Rico\Downloads\FRST-OlderVersion
2014-07-20 20:56 - 2014-07-17 17:00 - 00000000 ____D () C:\FRST
2014-07-20 20:56 - 2014-07-17 16:59 - 02089984 _____ (Farbar) C:\Users\Rico\Downloads\FRST64.exe
2014-07-20 20:55 - 2014-07-20 20:55 - 00000624 _____ () C:\Users\Rico\Desktop\JRT.txt
2014-07-20 20:46 - 2009-07-14 06:45 - 00021680 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-07-20 20:46 - 2009-07-14 06:45 - 00021680 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-07-20 20:44 - 2014-03-18 01:31 - 01367421 _____ () C:\Windows\WindowsUpdate.log
2014-07-20 20:42 - 2014-03-25 17:27 - 00000000 ___RD () C:\Users\Rico\Dropbox
2014-07-20 20:42 - 2014-03-25 17:26 - 00000000 ____D () C:\Users\Rico\AppData\Roaming\DropboxMaster
2014-07-20 20:42 - 2014-03-25 17:25 - 00000000 ____D () C:\Users\Rico\AppData\Roaming\Dropbox
2014-07-20 20:39 - 2014-07-20 19:17 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-07-20 20:39 - 2014-07-17 16:44 - 00001736 _____ () C:\Windows\setupact.log
2014-07-20 20:39 - 2014-03-22 15:35 - 00001102 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-07-20 20:39 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-07-20 20:18 - 2014-07-20 20:18 - 01016261 _____ (Thisisu) C:\Users\Rico\Downloads\JRT.exe
2014-07-20 20:18 - 2014-07-20 20:18 - 00000000 ____D () C:\Windows\ERUNT
2014-07-20 20:15 - 2014-07-20 20:15 - 00004348 _____ () C:\Users\Rico\Desktop\AdwCleaner[S0].txt
2014-07-20 20:13 - 2014-07-17 16:43 - 00147474 _____ () C:\Windows\PFRO.log
2014-07-20 20:12 - 2014-07-20 20:11 - 00000000 ____D () C:\AdwCleaner
2014-07-20 20:12 - 2014-03-22 15:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-07-20 20:12 - 2014-03-18 01:40 - 00000993 _____ () C:\Users\Rico\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-07-20 20:11 - 2014-07-20 20:11 - 01354223 _____ () C:\Users\Rico\Downloads\adwcleaner_3.216.exe
2014-07-20 20:08 - 2014-03-22 15:35 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-07-20 20:07 - 2014-07-20 20:07 - 00022999 _____ () C:\Users\Rico\Desktop\mbam.txt
2014-07-20 20:05 - 2014-03-22 15:36 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-07-20 20:02 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\security
2014-07-20 20:01 - 2014-06-18 10:53 - 00000000 ____D () C:\temp
2014-07-20 19:17 - 2014-07-20 19:17 - 00001106 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-07-20 19:17 - 2014-07-20 19:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-07-20 19:17 - 2014-07-20 19:17 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-07-20 19:17 - 2014-07-20 19:17 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-07-20 19:16 - 2014-07-20 19:15 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Rico\Downloads\mbam-setup-2.0.2.1012.exe
2014-07-20 18:56 - 2014-07-18 10:13 - 00000000 ____D () C:\Users\Rico\Documents\Citavi 4
2014-07-20 18:56 - 2014-07-18 10:13 - 00000000 ____D () C:\Users\Rico\AppData\Roaming\Swiss Academic Software
2014-07-20 18:53 - 2014-06-08 13:14 - 00000000 ____D () C:\Users\Rico\Documents\Projektarbeit MB
2014-07-20 18:50 - 2014-07-20 16:26 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-07-20 18:42 - 2014-07-20 18:42 - 00000000 ____D () C:\Users\Rico\AppData\Local\Swiss Academic Software
2014-07-20 17:50 - 2014-07-20 17:18 - 00002453 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat XI Pro.lnk
2014-07-20 17:50 - 2014-07-20 17:18 - 00002210 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe FormsCentral.lnk
2014-07-20 17:50 - 2014-07-20 17:18 - 00002049 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat Distiller XI.lnk
2014-07-20 17:25 - 2014-03-18 09:36 - 00109232 _____ () C:\Users\Rico\AppData\Local\GDIPFONTCACHEV1.DAT
2014-07-20 17:24 - 2009-07-14 06:45 - 00415656 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-07-20 17:21 - 2014-06-14 17:16 - 00000000 ____D () C:\Users\Rico\AppData\Local\Adobe
2014-07-20 17:19 - 2014-03-22 18:10 - 00000000 ____D () C:\ProgramData\regid.1986-12.com.adobe
2014-07-20 17:18 - 2014-07-20 17:18 - 00002140 _____ () C:\Users\Public\Desktop\Adobe FormsCentral.lnk
2014-07-20 17:18 - 2014-07-20 17:18 - 00002026 _____ () C:\Users\Public\Desktop\Adobe Acrobat XI Pro.lnk
2014-07-20 17:17 - 2014-03-22 18:57 - 00000000 ____D () C:\ProgramData\Adobe
2014-07-20 17:14 - 2014-03-18 13:11 - 00000000 ____D () C:\Users\Rico\AppData\Roaming\DAEMON Tools Lite
2014-07-20 16:39 - 2014-07-20 16:39 - 00020494 _____ () C:\ComboFix.txt
2014-07-20 16:39 - 2014-07-17 16:30 - 00000000 ____D () C:\Qoobox
2014-07-20 16:37 - 2009-07-14 04:34 - 00000215 _____ () C:\Windows\system.ini
2014-07-20 16:30 - 2014-07-17 16:25 - 05222180 ____R (Swearware) C:\Users\Rico\Downloads\ComboFix.exe
2014-07-20 16:25 - 2014-07-20 16:25 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Rico\Downloads\revosetup95.exe
2014-07-18 13:03 - 2014-07-17 17:59 - 01592824 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-07-18 13:03 - 2011-04-12 09:43 - 00699160 _____ () C:\Windows\system32\perfh007.dat
2014-07-18 13:03 - 2011-04-12 09:43 - 00149268 _____ () C:\Windows\system32\perfc007.dat
2014-07-18 13:03 - 2009-07-14 07:13 - 01592824 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-07-18 10:13 - 2014-07-18 10:13 - 00000000 ____D () C:\ProgramData\Swiss Academic Software
2014-07-18 09:50 - 2014-07-18 09:50 - 00001949 _____ () C:\Users\Public\Desktop\Citavi 4.lnk
2014-07-18 09:50 - 2014-07-18 09:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Citavi 4
2014-07-18 09:50 - 2014-07-18 09:48 - 00000000 ____D () C:\Program Files (x86)\Citavi 4
2014-07-18 09:46 - 2014-07-18 09:46 - 00000000 ____D () C:\Users\Rico\AppData\Local\Downloaded Installations
2014-07-17 17:51 - 2014-07-17 17:50 - 88342536 _____ (Swiss Academic Software) C:\Users\Rico\Downloads\Citavi4Setup.exe
2014-07-17 17:03 - 2014-07-17 17:03 - 00380416 _____ () C:\Users\Rico\Downloads\Gmer-19357.exe
2014-07-17 16:58 - 2014-07-17 16:58 - 00000168 _____ () C:\Users\Rico\defogger_reenable
2014-07-17 16:58 - 2014-03-18 01:38 - 00000000 ____D () C:\Users\Rico
2014-07-17 16:57 - 2014-07-17 16:57 - 00050477 _____ () C:\Users\Rico\Downloads\Defogger.exe
2014-07-17 16:48 - 2009-07-14 05:20 - 00000000 __RHD () C:\Users\Default
2014-07-17 16:47 - 2014-07-17 16:30 - 00000000 ____D () C:\Windows\erdnt
2014-07-17 16:44 - 2014-07-17 16:44 - 00000000 _____ () C:\Windows\setuperr.log
2014-07-17 16:43 - 2009-07-14 04:34 - 63963136 _____ () C:\Windows\system32\config\SOFTWARE.bak
2014-07-17 16:43 - 2009-07-14 04:34 - 14942208 _____ () C:\Windows\system32\config\SYSTEM.bak
2014-07-17 16:43 - 2009-07-14 04:34 - 00262144 _____ () C:\Windows\system32\config\SECURITY.bak
2014-07-17 16:43 - 2009-07-14 04:34 - 00262144 _____ () C:\Windows\system32\config\SAM.bak
2014-07-17 16:43 - 2009-07-14 04:34 - 00262144 _____ () C:\Windows\system32\config\DEFAULT.bak
2014-07-17 16:30 - 2014-07-11 16:37 - 01043188 _____ () C:\Users\Rico\AppData\Local\uucbbppw.gss
2014-07-17 16:30 - 2014-07-11 16:37 - 00184320 _____ () C:\Users\Rico\AppData\Local\uucbbppw.gdb
2014-07-17 16:28 - 2014-07-17 16:28 - 00003114 _____ () C:\Windows\System32\Tasks\{A5DB3CBF-5CD9-4D0C-A0CE-2315700566F5}
2014-07-17 16:26 - 2014-07-17 16:24 - 00000000 ____D () C:\ProgramData\TEMP
2014-07-17 16:25 - 2014-07-17 16:24 - 00003238 _____ () C:\Windows\System32\Tasks\Optimizer Pro Schedule
2014-07-17 16:22 - 2014-07-17 16:22 - 00002251 _____ () C:\Users\Rico\Desktop\Google Chrome.lnk
2014-07-17 16:22 - 2014-03-22 15:35 - 00000000 ____D () C:\Users\Rico\AppData\Local\Google
2014-07-17 15:45 - 2014-05-14 18:39 - 00000000 ____D () C:\Windows\Minidump
2014-07-17 15:45 - 2014-03-18 01:28 - 00000000 ____D () C:\Windows\Panther
2014-07-17 15:40 - 2014-07-17 15:39 - 04812672 _____ (Piriform Ltd) C:\Users\Rico\Downloads\ccsetup415.exe
2014-07-17 14:41 - 2014-07-17 14:41 - 00000687 _____ () C:\awh10A2.tmp
2014-07-17 12:49 - 2014-07-17 12:49 - 00000687 _____ () C:\awhECE.tmp
2014-07-16 12:45 - 2014-07-16 12:45 - 00000687 _____ () C:\awhC9D.tmp
2014-07-15 10:15 - 2014-07-15 10:15 - 00000687 _____ () C:\awh878.tmp
2014-07-14 18:57 - 2014-07-14 15:57 - 00074626 _____ () C:\Users\Rico\Desktop\Projektphasen.pptx
2014-07-14 13:54 - 2014-07-14 13:54 - 00000687 _____ () C:\awh8A7.tmp
2014-07-10 20:48 - 2014-07-08 16:51 - 00000000 ____D () C:\Users\Rico\Desktop\Samson
2014-07-10 20:46 - 2014-07-06 20:10 - 00000000 ____D () C:\Users\Rico\Desktop\South Africa
2014-07-10 20:19 - 2014-07-10 20:19 - 00000687 _____ () C:\awh962.tmp
2014-07-10 19:15 - 2014-07-10 17:55 - 00000000 ____D () C:\Users\Rico\Desktop\Zeug für Bewerbung
2014-07-10 16:42 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2014-07-10 15:08 - 2014-03-22 15:35 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-07-10 15:08 - 2014-03-22 15:35 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-07-10 15:08 - 2014-03-22 15:35 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-07-10 14:52 - 2014-07-10 14:52 - 00000687 _____ () C:\awh1FA0.tmp
2014-07-09 11:46 - 2014-07-09 11:46 - 00002832 _____ () C:\Users\Rico\Downloads\Antwort_ 7_1 Schland.zip
2014-07-09 11:20 - 2014-07-09 11:20 - 00000687 _____ () C:\awh9829.tmp
2014-07-09 11:14 - 2011-04-12 09:55 - 00000000 ____D () C:\Program Files\Windows Journal
2014-07-09 09:45 - 2014-03-18 13:15 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-07-09 09:44 - 2014-03-18 10:18 - 00000000 ____D () C:\Windows\system32\MRT
2014-07-09 09:42 - 2014-03-18 10:18 - 96441528 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-07-09 09:29 - 2014-07-09 09:29 - 00000687 _____ () C:\awh6F2.tmp
2014-07-07 19:39 - 2014-07-07 19:39 - 00000687 _____ () C:\awh34F4.tmp
2014-07-07 17:37 - 2009-07-14 04:34 - 00000478 _____ () C:\Windows\win.ini
2014-07-07 13:57 - 2014-07-07 13:57 - 00000687 _____ () C:\awh1D30.tmp
2014-07-07 11:59 - 2014-03-26 17:54 - 00000000 ____D () C:\Program Files (x86)\Microsoft OneDrive
2014-07-07 10:02 - 2014-07-07 10:02 - 00000687 _____ () C:\awhFD03.tmp
2014-07-07 09:08 - 2014-07-07 09:08 - 00000687 _____ () C:\awh1C27.tmp
2014-07-06 21:49 - 2014-07-06 21:48 - 21169658 _____ () C:\Users\Rico\Downloads\PDFverkleinern_flv.mp4
2014-07-06 20:58 - 2014-07-06 20:58 - 00000687 _____ () C:\awh5791.tmp
2014-07-06 20:57 - 2014-07-06 20:57 - 00000000 ____D () C:\Users\Rico\Desktop\PA MA-Bau
2014-07-06 19:53 - 2014-07-06 19:53 - 00014201 _____ () C:\Users\Rico\Downloads\AW_ letter of motivation.zip
2014-07-06 18:33 - 2014-07-06 18:33 - 00000687 _____ () C:\awh981.tmp
2014-07-06 18:15 - 2014-07-06 18:15 - 00000000 ____D () C:\Users\Default\AppData\Local\Microsoft Help
2014-07-06 18:15 - 2014-07-06 18:15 - 00000000 ____D () C:\Users\Default User\AppData\Local\Microsoft Help
2014-07-06 11:59 - 2014-07-06 11:59 - 00000000 ____D () C:\Program Files\Adblock Plus for IE
2014-07-06 11:59 - 2014-03-18 09:52 - 00000000 ____D () C:\ProgramData\Package Cache
2014-07-06 11:35 - 2014-07-06 11:35 - 00000687 _____ () C:\awh20D8.tmp
2014-07-05 15:08 - 2014-07-05 15:02 - 00000000 ____D () C:\Users\Rico\Documents\Wohnung
2014-07-05 12:43 - 2014-07-05 12:43 - 00002117 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2014-07-05 12:43 - 2014-07-05 12:43 - 00001912 _____ () C:\Windows\epplauncher.mif
2014-07-05 12:43 - 2014-07-05 12:43 - 00000000 ____D () C:\Program Files\Microsoft Security Client
2014-07-05 12:43 - 2014-07-05 12:43 - 00000000 ____D () C:\Program Files (x86)\Microsoft Security Client
2014-07-03 08:51 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-07-02 17:27 - 2014-07-02 17:27 - 00003164 _____ () C:\Windows\System32\Tasks\{1F6C3454-9EA5-4C60-9934-47B8882F17C4}
2014-07-02 14:21 - 2014-07-02 14:21 - 00000687 _____ () C:\awhEC9F.tmp
2014-07-01 22:28 - 2014-06-18 10:51 - 00000000 ____D () C:\Users\Rico\AppData\Local\Genesis_06180851
2014-07-01 13:38 - 2014-07-01 13:38 - 00000687 _____ () C:\awhE7EE.tmp
2014-06-30 20:56 - 2014-06-30 20:56 - 00009470 _____ () C:\Users\Rico\Desktop\Mietaufstellung.xlsx
2014-06-30 18:01 - 2014-06-30 18:01 - 00000687 _____ () C:\awhEAAC.tmp
2014-06-30 08:43 - 2014-06-30 08:43 - 00000687 _____ () C:\awhEEA2.tmp
2014-06-30 06:48 - 2014-06-30 06:48 - 00000687 _____ () C:\awhE8E7.tmp
2014-06-29 20:06 - 2014-06-29 20:06 - 00000687 _____ () C:\awhEC60.tmp
2014-06-29 16:34 - 2014-06-29 16:34 - 00000687 _____ () C:\awhEC51.tmp
2014-06-29 09:00 - 2009-07-14 07:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-06-29 08:17 - 2014-06-29 08:17 - 00000687 _____ () C:\awhE407.tmp
2014-06-27 12:05 - 2014-06-27 12:05 - 00000687 _____ () C:\awh28F.tmp
2014-06-26 12:07 - 2014-06-26 12:06 - 00029732 _____ () C:\Program.RPT
2014-06-26 09:02 - 2014-06-26 09:02 - 00000687 _____ () C:\awhE9C2.tmp
2014-06-25 23:04 - 2014-06-25 23:04 - 00011009 _____ () C:\Users\Rico\Desktop\urlaub.xlsx
2014-06-25 09:48 - 2014-06-25 09:48 - 00000687 _____ () C:\awhF23A.tmp
2014-06-24 15:52 - 2014-06-24 15:52 - 00000687 _____ () C:\awhF0E3.tmp
2014-06-24 07:57 - 2014-06-24 07:57 - 00000687 _____ () C:\awhF1CD.tmp
2014-06-23 09:23 - 2014-06-23 09:23 - 00000687 _____ () C:\awh2D46.tmp
2014-06-22 08:54 - 2014-06-22 08:54 - 00000687 _____ () C:\awhEACB.tmp
2014-06-22 02:09 - 2014-06-22 02:09 - 00000687 _____ () C:\awhF0B4.tmp
2014-06-21 15:29 - 2014-06-21 15:29 - 00000687 _____ () C:\awh1756.tmp
2014-06-20 22:35 - 2014-06-20 22:35 - 00000687 _____ () C:\awh7FB.tmp
2014-06-20 22:14 - 2014-07-09 09:37 - 00266424 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-06-20 21:39 - 2014-07-09 09:37 - 00240824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-06-20 11:49 - 2014-06-20 11:49 - 00000687 _____ () C:\awh20F7.tmp
2014-06-20 11:40 - 2014-06-20 11:40 - 00013356 _____ () C:\Program1.RPT
2014-06-20 08:43 - 2014-06-20 08:43 - 00000687 _____ () C:\awhAAA.tmp

Some content of TEMP:
====================
C:\Users\Rico\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpeueotr.dll
C:\Users\Rico\AppData\Local\Temp\Quarantine.exe
C:\Users\Rico\AppData\Local\Temp\System.Data.SQLite.dll
C:\Users\Rico\AppData\Local\Temp\System.Data.SQLite10291.dll
C:\Users\Rico\AppData\Local\Temp\System.Data.SQLite20428.dll
C:\Users\Rico\AppData\Local\Temp\System.Data.SQLite26316.dll
C:\Users\Rico\AppData\Local\Temp\System.Data.SQLite44829.dll
C:\Users\Rico\AppData\Local\Temp\System.Data.SQLite87153.dll
C:\Users\Rico\AppData\Local\Temp\System.Data.SQLite96679.dll


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-07-08 03:16

==================== End Of Log ============================
--- --- ---

--- --- ---


die nervigen Werbeanzeigen sind schon mal weg.


Alt 21.07.2014, 10:54   #6
schrauber
/// the machine
/// TB-Ausbilder
 
Windows 7: Internet Explorer startet automatisch Werbung/ Webseiten werden auf Werbung umgeleitet - Standard

Windows 7: Internet Explorer startet automatisch Werbung/ Webseiten werden auf Werbung umgeleitet



ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset


Downloade Dir bitte SecurityCheck und:

  • Speichere es auf dem Desktop.
  • Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
  • Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.
Poste den Inhalt bitte hier.

und ein frisches FRST log bitte. Noch Probleme?
__________________
--> Windows 7: Internet Explorer startet automatisch Werbung/ Webseiten werden auf Werbung umgeleitet

Alt 27.07.2014, 16:20   #7
ihansklaus
 
Windows 7: Internet Explorer startet automatisch Werbung/ Webseiten werden auf Werbung umgeleitet - Standard

Windows 7: Internet Explorer startet automatisch Werbung/ Webseiten werden auf Werbung umgeleitet


Sorry für die späte Antwort...

Hier die geforderten Logs

Code:
ATTFilter
ESETSmartInstaller@High as downloader log:
all ok
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=24ee27b4f9558d4fa16b52f7c12d43a5
# engine=19367
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-07-27 03:13:04
# local_time=2014-07-27 05:13:04 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='Microsoft Security Essentials'
# compatibility_mode=5895 16777213 100 100 1916972 29457978 0 0
# scanned=152701
# found=13
# cleaned=0
# scan_time=12888
sh=796D8248F8D85FB8A4C93EFAA6F8CB862E21DEE1 ft=1 fh=c708d6978ce28195 vn="Variante von MSIL/Adware.iBryte.D Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Rico\AppData\Local\Browsersafeguard\uninstall.BrowserSafeguard.exe.vir"
sh=E76C78A2C18ADAE413CD6087DEF2EB5D11357F59 ft=1 fh=697088dd8b57dba8 vn="Win32/RiskWare.NetFilter.B Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Windows\SysWOW64\hfpapi.dll.vir"
sh=34BD469EC9D6F93F6BD4BD3EF0B977B302E3E98C ft=1 fh=a3e3d775bcd9d9e3 vn="Win32/Amonetize.AZ evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Windows\SysWOW64\installd.exe.vir"
sh=98CBA0CADA8C9F30C84FF50D287DCD480CEA7BAA ft=1 fh=c71c0011333e4eb4 vn="Variante von Win32/Skintrim.EW Trojaner" ac=I fn="C:\Qoobox\Quarantine\C\Users\Rico\AppData\Local\uucbbppw.exe.vir"
sh=15DF73618AC6DC9E3B26953DF9151E1A7BBFC3F5 ft=0 fh=0000000000000000 vn="Win64/Adware.Adpeak.D Anwendung" ac=I fn="C:\temp\InstallFilter64.msi"
sh=C8ED85CBB679DFF0D72E7D8C79CE5E74B5EFADE0 ft=1 fh=37dd7ede875c1f3d vn="Variante von Win32/ClientConnect.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Rico\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\10OSYZ0N\spstub[1].exe"
sh=11017D953CD39292A0962FE89618D214CEF371B2 ft=1 fh=fbe7624405bcfcbf vn="Variante von Win32/ClientConnect.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Rico\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1DKYMUSX\SPSetup[1].exe"
sh=8E8D06EBD530394AE4B5C85B645C79C3062505DE ft=1 fh=472050529b4dd361 vn="Win32/Packed.ScrambleWrapper.M evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Rico\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\55Q3V75K\setup[1].exe"
sh=119E149747A552877117A6D91EFD3BE4B26418AE ft=1 fh=d60c8402287380a1 vn="Win32/Conduit.SearchProtect.N evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Rico\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ESBUJ53R\sp-downloader[1].exe"
sh=EF3A6A169D6D382DF73A084F681D8AB236D5192B ft=1 fh=672191eee875e123 vn="Variante von Win32/AdWare.SpeedingUpMyPC.L Anwendung" ac=I fn="C:\Users\Rico\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JHIOZJVM\OptimizerPro_20140714[1].exe"
sh=F78BA1ECDB52F15E80AC167F98FC3DB63A42EC08 ft=1 fh=3bfd648a17a08d6e vn="Variante von MSIL/Adware.iBryte.D Anwendung" ac=I fn="C:\Users\Rico\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PZYP4UT8\rtinstaller[1].exe"
sh=71D0D69557E246191D7A62C12E9E709DC2687B72 ft=1 fh=12764d5dbdc26675 vn="Win32/RiskWare.NetFilter.B Anwendung" ac=I fn="C:\Windows\System32\hfnapi.dll"
sh=71D0D69557E246191D7A62C12E9E709DC2687B72 ft=1 fh=12764d5dbdc26675 vn="Win32/RiskWare.NetFilter.B Anwendung" ac=I fn="C:\Windows\SysWOW64\hfnapi.dll"
Code:
ATTFilter
 Results of screen317's Security Check version 0.99.85  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
Microsoft Security Essentials   
  (On Access scanning disabled!) 
 Error obtaining update status for antivirus!  
`````````Anti-malware/Other Utilities Check:````````` 
 Java version out of Date! 
 Adobe Flash Player 14.0.0.145  
 Google Chrome 35.0.1916.153  
 Google Chrome 36.0.1985.125  
````````Process Check: objlist.exe by Laurent````````  
 Microsoft Security Essentials MSMpEng.exe 
 Microsoft Security Essentials msseces.exe 
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  
````````````````````End of Log``````````````````````

FRST Logfile:

FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 26-07-2014
Ran by Rico (administrator) on RICO-PC on 27-07-2014 17:18:08
Running from C:\Users\Rico\Downloads
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE
(Microsoft Corporation) C:\Users\Rico\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Ai Charger\AiChargerAP.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Apple Computer, Inc.) C:\Program Files (x86)\QuickTime\qttask.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Dropbox, Inc.) C:\Users\Rico\AppData\Roaming\Dropbox\bin\Dropbox.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Opera Software) C:\Program Files (x86)\Opera\22.0.1471.50\opera.exe
() C:\Program Files (x86)\Opera\22.0.1471.50\opera_crashreporter.exe
(Opera Software) C:\Program Files (x86)\Opera\22.0.1471.50\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\22.0.1471.50\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\22.0.1471.50\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\22.0.1471.50\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\22.0.1471.50\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\22.0.1471.50\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\22.0.1471.50\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\22.0.1471.50\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\22.0.1471.50\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\22.0.1471.50\opera.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2885904 2012-04-04] (Synaptics Incorporated)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1271072 2014-03-11] (Microsoft Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [558496 2014-02-27] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [641704 2012-11-16] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [AMD AVT] => C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe [20992 2012-03-19] ()
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [ASUS Ai Charger] => C:\Program Files (x86)\ASUS\ASUS Ai Charger\AiChargerAP.exe [547984 2012-08-13] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [224128 2014-03-04] (Oracle Corporation)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\qttask.exe [77824 2014-06-07] (Apple Computer, Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe [3499896 2014-05-08] (Adobe Systems Inc.)
HKU\S-1-5-21-1296850485-3907825808-2435419184-1000\...\Run: [OfficeSyncProcess] => C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE [720064 2013-04-22] (Microsoft Corporation)
HKU\S-1-5-21-1296850485-3907825808-2435419184-1000\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3696912 2014-03-04] (Disc Soft Ltd)
HKU\S-1-5-21-1296850485-3907825808-2435419184-1000\...\Run: [SkyDrive] => C:\Users\Rico\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe [257224 2014-07-21] (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)
Startup: C:\Users\Rico\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Rico\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers:  SkyDrive1 -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\Rico\AppData\Local\Microsoft\SkyDrive\17.0.4041.0512_6\amd64\SkyDriveShell64.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers:  SkyDrive2 -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\Rico\AppData\Local\Microsoft\SkyDrive\17.0.4041.0512_6\amd64\SkyDriveShell64.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers:  SkyDrive3 -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\Rico\AppData\Local\Microsoft\SkyDrive\17.0.4041.0512_6\amd64\SkyDriveShell64.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Rico\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Rico\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Rico\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: DropboxExt4 -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Rico\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32:  SkyDrive1 -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\Rico\AppData\Local\Microsoft\SkyDrive\17.0.4041.0512_6\SkyDriveShell.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32:  SkyDrive2 -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\Rico\AppData\Local\Microsoft\SkyDrive\17.0.4041.0512_6\SkyDriveShell.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32:  SkyDrive3 -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\Rico\AppData\Local\Microsoft\SkyDrive\17.0.4041.0512_6\SkyDriveShell.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Rico\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Rico\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Rico\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x005ADF4C7C42CF01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM-x32 - DefaultScope value is missing.
SearchScopes: HKCU - URL hxxp://www.trovigo.com/Results.aspx?gd=&ctid=CT3319434&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=5&UP=SPEFC849AC-009D-49B5-B945-6CD5047C9535&q={searchTerms}&SSPV=
SearchScopes: HKCU - SuggestionsURL_JSON hxxp://suggest.search.conduit.com/CSuggestJson.ashx?prefix={searchTerms}
BHO: Citavi Picker -> {609D670F-B735-4da7-AC6D-F3BD358E325E} -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre8\bin\ssv.dll (Oracle Corporation)
BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre8\bin\jp2ssv.dll (Oracle Corporation)
BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus64.dll (Adblock Plus)
BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: Citavi Picker -> {609D670F-B735-4da7-AC6D-F3BD358E325E} -> C:\Windows\SysWOW64\mscoree.dll (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus32.dll (Adblock Plus)
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.115.15

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()
FF Plugin: @java.com/DTPlugin,version=11.0.2 - C:\Program Files\Java\jre8\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.0.2 - C:\Program Files\Java\jre8\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Acrobat - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn [2014-07-20]

Chrome: 
=======
CHR HomePage: 
CHR DefaultSearchKeyword: webssearches
CHR Extension: (Google Docs) - C:\Users\Rico\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-07-17]
CHR Extension: (Google Drive) - C:\Users\Rico\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-07-17]
CHR Extension: (YouTube) - C:\Users\Rico\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-07-17]
CHR Extension: (Google-Suche) - C:\Users\Rico\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-07-17]
CHR Extension: (Adobe Acrobat – PDF-Datei erstellen) - C:\Users\Rico\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2014-07-17]
CHR Extension: (Google Wallet) - C:\Users\Rico\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-07-17]
CHR Extension: (Citavi Picker) - C:\Users\Rico\AppData\Local\Google\Chrome\User Data\Default\Extensions\ohgndokldibnndfnjnagojmheejlengn [2014-07-20]
CHR Extension: (Google Mail) - C:\Users\Rico\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-07-17]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx [2014-05-08]
CHR HKLM-x32\...\Chrome\Extension: [ohgndokldibnndfnjnagojmheejlengn] - C:\Program Files (x86)\Citavi 4\Pickers\Chrome\ChromePicker.crx [2014-02-07]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2014-03-11] (Microsoft Corporation)
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [347872 2014-03-11] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 AiCharger; C:\Windows\SysWow64\drivers\AiCharger.sys [14848 2012-03-22] (ASUSTek Computer Inc.)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2014-03-18] (Disc Soft Ltd)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [268512 2014-01-25] (Microsoft Corporation)
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133928 2014-03-11] (Microsoft Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-07-27 17:16 - 2014-07-27 17:16 - 00854390 _____ () C:\Users\Rico\Downloads\SecurityCheck.exe
2014-07-25 12:22 - 2014-07-25 12:22 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-07-25 12:21 - 2014-07-25 12:21 - 02347384 _____ (ESET) C:\Users\Rico\Downloads\esetsmartinstaller_deu.exe
2014-07-25 10:34 - 2014-07-25 10:34 - 00127136 _____ (Spotify Ltd) C:\Users\Rico\Downloads\SpotifySetup.exe
2014-07-21 11:15 - 2014-07-21 11:15 - 00000000 ___HD () C:\OneDriveTemp
2014-07-21 11:14 - 2014-07-27 13:28 - 00000000 ___RD () C:\Users\Rico\OneDrive
2014-07-21 11:14 - 2014-07-21 11:14 - 00002194 _____ () C:\Users\Rico\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk
2014-07-21 11:14 - 2014-07-21 11:14 - 00002124 _____ () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk
2014-07-21 11:14 - 2014-07-21 11:14 - 00002124 _____ () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk
2014-07-21 11:14 - 2014-07-21 11:00 - 06089928 _____ (Microsoft Corporation) C:\Users\Rico\Downloads\OneDriveSetup.exe
2014-07-21 11:13 - 2014-07-21 11:13 - 00002944 _____ () C:\Windows\System32\Tasks\{50026613-30AC-4815-9DA0-638A8CCE74FA}
2014-07-21 10:47 - 2014-07-21 10:47 - 00000000 ____D () C:\ProgramData\Gibraltar
2014-07-20 20:56 - 2014-07-27 17:18 - 00017335 _____ () C:\Users\Rico\Downloads\FRST.txt
2014-07-20 20:56 - 2014-07-27 17:18 - 00000000 ____D () C:\Users\Rico\Downloads\FRST-OlderVersion
2014-07-20 20:18 - 2014-07-20 20:18 - 01016261 _____ (Thisisu) C:\Users\Rico\Downloads\JRT.exe
2014-07-20 20:18 - 2014-07-20 20:18 - 00000000 ____D () C:\Windows\ERUNT
2014-07-20 20:12 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-07-20 20:11 - 2014-07-20 20:12 - 00000000 ____D () C:\AdwCleaner
2014-07-20 20:11 - 2014-07-20 20:11 - 01354223 _____ () C:\Users\Rico\Downloads\adwcleaner_3.216.exe
2014-07-20 19:17 - 2014-07-20 19:17 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-07-20 19:15 - 2014-07-20 19:16 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Rico\Downloads\mbam-setup-2.0.2.1012.exe
2014-07-20 18:42 - 2014-07-20 18:42 - 00000000 ____D () C:\Users\Rico\AppData\Local\Swiss Academic Software
2014-07-20 17:18 - 2014-07-20 17:50 - 00002453 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat XI Pro.lnk
2014-07-20 17:18 - 2014-07-20 17:50 - 00002210 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe FormsCentral.lnk
2014-07-20 17:18 - 2014-07-20 17:50 - 00002049 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat Distiller XI.lnk
2014-07-20 17:18 - 2014-07-20 17:18 - 00002140 _____ () C:\Users\Public\Desktop\Adobe FormsCentral.lnk
2014-07-20 17:18 - 2014-07-20 17:18 - 00002026 _____ () C:\Users\Public\Desktop\Adobe Acrobat XI Pro.lnk
2014-07-20 16:39 - 2014-07-20 16:39 - 00020494 _____ () C:\ComboFix.txt
2014-07-20 16:26 - 2014-07-20 18:50 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-07-20 16:25 - 2014-07-20 16:25 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Rico\Downloads\revosetup95.exe
2014-07-18 10:13 - 2014-07-24 22:27 - 00000000 ____D () C:\Users\Rico\Documents\Citavi 4
2014-07-18 10:13 - 2014-07-20 18:56 - 00000000 ____D () C:\Users\Rico\AppData\Roaming\Swiss Academic Software
2014-07-18 10:13 - 2014-07-18 10:13 - 00000000 ____D () C:\ProgramData\Swiss Academic Software
2014-07-18 09:50 - 2014-07-18 09:50 - 00001949 _____ () C:\Users\Public\Desktop\Citavi 4.lnk
2014-07-18 09:50 - 2014-07-18 09:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Citavi 4
2014-07-18 09:48 - 2014-07-18 09:50 - 00000000 ____D () C:\Program Files (x86)\Citavi 4
2014-07-18 09:46 - 2014-07-18 09:46 - 00000000 ____D () C:\Users\Rico\AppData\Local\Downloaded Installations
2014-07-17 17:59 - 2014-07-18 13:03 - 01592824 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-07-17 17:50 - 2014-07-17 17:51 - 88342536 _____ (Swiss Academic Software) C:\Users\Rico\Downloads\Citavi4Setup.exe
2014-07-17 17:03 - 2014-07-17 17:03 - 00380416 _____ () C:\Users\Rico\Downloads\Gmer-19357.exe
2014-07-17 17:00 - 2014-07-27 17:18 - 00000000 ____D () C:\FRST
2014-07-17 16:59 - 2014-07-27 17:18 - 02093568 _____ (Farbar) C:\Users\Rico\Downloads\FRST64.exe
2014-07-17 16:58 - 2014-07-17 16:58 - 00000168 _____ () C:\Users\Rico\defogger_reenable
2014-07-17 16:57 - 2014-07-17 16:57 - 00050477 _____ () C:\Users\Rico\Downloads\Defogger.exe
2014-07-17 16:44 - 2014-07-27 13:26 - 00002408 _____ () C:\Windows\setupact.log
2014-07-17 16:44 - 2014-07-17 16:44 - 00000000 _____ () C:\Windows\setuperr.log
2014-07-17 16:43 - 2014-07-20 20:13 - 00147474 _____ () C:\Windows\PFRO.log
2014-07-17 16:32 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-07-17 16:32 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-07-17 16:32 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-07-17 16:32 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-07-17 16:32 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-07-17 16:32 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2014-07-17 16:32 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2014-07-17 16:32 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2014-07-17 16:30 - 2014-07-20 16:39 - 00000000 ____D () C:\Qoobox
2014-07-17 16:30 - 2014-07-17 16:47 - 00000000 ____D () C:\Windows\erdnt
2014-07-17 16:28 - 2014-07-17 16:28 - 00003114 _____ () C:\Windows\System32\Tasks\{A5DB3CBF-5CD9-4D0C-A0CE-2315700566F5}
2014-07-17 16:25 - 2014-07-20 16:30 - 05222180 ____R (Swearware) C:\Users\Rico\Downloads\ComboFix.exe
2014-07-17 16:24 - 2014-07-17 16:26 - 00000000 ____D () C:\ProgramData\TEMP
2014-07-17 16:24 - 2014-07-17 16:25 - 00003238 _____ () C:\Windows\System32\Tasks\Optimizer Pro Schedule
2014-07-17 16:22 - 2014-07-17 16:22 - 00002251 _____ () C:\Users\Rico\Desktop\Google Chrome.lnk
2014-07-17 15:39 - 2014-07-17 15:40 - 04812672 _____ (Piriform Ltd) C:\Users\Rico\Downloads\ccsetup415.exe
2014-07-17 14:41 - 2014-07-17 14:41 - 00000687 _____ () C:\awh10A2.tmp
2014-07-17 12:49 - 2014-07-17 12:49 - 00000687 _____ () C:\awhECE.tmp
2014-07-16 12:45 - 2014-07-16 12:45 - 00000687 _____ () C:\awhC9D.tmp
2014-07-15 10:15 - 2014-07-15 10:15 - 00000687 _____ () C:\awh878.tmp
2014-07-14 15:57 - 2014-07-14 18:57 - 00074626 _____ () C:\Users\Rico\Desktop\Projektphasen.pptx
2014-07-14 13:54 - 2014-07-14 13:54 - 00000687 _____ () C:\awh8A7.tmp
2014-07-11 16:37 - 2014-07-17 16:30 - 01043188 _____ () C:\Users\Rico\AppData\Local\uucbbppw.gss
2014-07-11 16:37 - 2014-07-17 16:30 - 00184320 _____ () C:\Users\Rico\AppData\Local\uucbbppw.gdb
2014-07-10 20:19 - 2014-07-10 20:19 - 00000687 _____ () C:\awh962.tmp
2014-07-10 17:55 - 2014-07-10 19:15 - 00000000 ____D () C:\Users\Rico\Desktop\Zeug für Bewerbung
2014-07-10 14:52 - 2014-07-10 14:52 - 00000687 _____ () C:\awh1FA0.tmp
2014-07-09 11:46 - 2014-07-09 11:46 - 00002832 _____ () C:\Users\Rico\Downloads\Antwort_ 7_1 Schland.zip
2014-07-09 11:20 - 2014-07-09 11:20 - 00000687 _____ () C:\awh9829.tmp
2014-07-09 09:37 - 2014-06-20 22:14 - 00266424 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-07-09 09:37 - 2014-06-20 21:39 - 00240824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-07-09 09:37 - 2014-06-19 03:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-07-09 09:37 - 2014-06-19 03:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-07-09 09:37 - 2014-06-19 02:48 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-07-09 09:37 - 2014-06-19 02:42 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-07-09 09:37 - 2014-06-19 02:42 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-07-09 09:37 - 2014-06-19 02:41 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-07-09 09:37 - 2014-06-19 02:41 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-07-09 09:37 - 2014-06-19 02:32 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-07-09 09:37 - 2014-06-19 02:31 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-07-09 09:37 - 2014-06-19 02:26 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-07-09 09:37 - 2014-06-19 02:24 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-07-09 09:37 - 2014-06-19 02:24 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-07-09 09:37 - 2014-06-19 02:23 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-07-09 09:37 - 2014-06-19 02:16 - 17276416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-07-09 09:37 - 2014-06-19 02:09 - 00452608 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-07-09 09:37 - 2014-06-19 01:59 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-07-09 09:37 - 2014-06-19 01:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-07-09 09:37 - 2014-06-19 01:53 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-07-09 09:37 - 2014-06-19 01:51 - 05721088 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-07-09 09:37 - 2014-06-19 01:50 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-07-09 09:37 - 2014-06-19 01:48 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-07-09 09:37 - 2014-06-19 01:39 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-07-09 09:37 - 2014-06-19 01:38 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-07-09 09:37 - 2014-06-19 01:37 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-07-09 09:37 - 2014-06-19 01:36 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-07-09 09:37 - 2014-06-19 01:35 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-07-09 09:37 - 2014-06-19 01:33 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-07-09 09:37 - 2014-06-19 01:32 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-07-09 09:37 - 2014-06-19 01:28 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-07-09 09:37 - 2014-06-19 01:28 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-07-09 09:37 - 2014-06-19 01:27 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-07-09 09:37 - 2014-06-19 01:27 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-07-09 09:37 - 2014-06-19 01:25 - 00442368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-07-09 09:37 - 2014-06-19 01:23 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-07-09 09:37 - 2014-06-19 01:22 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-07-09 09:37 - 2014-06-19 01:12 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-07-09 09:37 - 2014-06-19 01:06 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-07-09 09:37 - 2014-06-19 01:01 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-07-09 09:37 - 2014-06-19 00:59 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-07-09 09:37 - 2014-06-19 00:58 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-07-09 09:37 - 2014-06-19 00:58 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-07-09 09:37 - 2014-06-19 00:52 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-07-09 09:37 - 2014-06-19 00:51 - 13527040 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-07-09 09:37 - 2014-06-19 00:49 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-07-09 09:37 - 2014-06-19 00:46 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-07-09 09:37 - 2014-06-19 00:45 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-07-09 09:37 - 2014-06-19 00:35 - 11742208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-07-09 09:37 - 2014-06-19 00:34 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-07-09 09:37 - 2014-06-19 00:15 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-07-09 09:37 - 2014-06-19 00:13 - 01791488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-07-09 09:37 - 2014-06-19 00:09 - 01139200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-07-09 09:37 - 2014-06-19 00:07 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-07-09 09:37 - 2014-06-18 04:18 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\osk.exe
2014-07-09 09:37 - 2014-06-18 03:51 - 00646144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\osk.exe
2014-07-09 09:37 - 2014-06-18 03:10 - 03157504 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-07-09 09:37 - 2014-06-06 12:10 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-07-09 09:37 - 2014-06-06 11:44 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-07-09 09:37 - 2014-05-30 08:45 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2014-07-09 09:36 - 2014-06-19 03:39 - 23464448 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-07-09 09:36 - 2014-06-19 02:14 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-07-09 09:36 - 2014-06-05 16:45 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-07-09 09:36 - 2014-06-05 16:26 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-07-09 09:36 - 2014-06-05 16:25 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-07-09 09:29 - 2014-07-09 09:29 - 00000687 _____ () C:\awh6F2.tmp
2014-07-08 16:51 - 2014-07-10 20:48 - 00000000 ____D () C:\Users\Rico\Desktop\Samson
2014-07-07 19:39 - 2014-07-07 19:39 - 00000687 _____ () C:\awh34F4.tmp
2014-07-07 13:57 - 2014-07-07 13:57 - 00000687 _____ () C:\awh1D30.tmp
2014-07-07 10:02 - 2014-07-07 10:02 - 00000687 _____ () C:\awhFD03.tmp
2014-07-07 09:08 - 2014-07-07 09:08 - 00000687 _____ () C:\awh1C27.tmp
2014-07-06 21:48 - 2014-07-06 21:49 - 21169658 _____ () C:\Users\Rico\Downloads\PDFverkleinern_flv.mp4
2014-07-06 20:58 - 2014-07-06 20:58 - 00000687 _____ () C:\awh5791.tmp
2014-07-06 20:57 - 2014-07-06 20:57 - 00000000 ____D () C:\Users\Rico\Desktop\PA MA-Bau
2014-07-06 20:10 - 2014-07-10 20:46 - 00000000 ____D () C:\Users\Rico\Desktop\South Africa
2014-07-06 19:53 - 2014-07-06 19:53 - 00014201 _____ () C:\Users\Rico\Downloads\AW_ letter of motivation.zip
2014-07-06 18:33 - 2014-07-06 18:33 - 00000687 _____ () C:\awh981.tmp
2014-07-06 18:15 - 2014-07-06 18:15 - 00000000 ____D () C:\Users\Default\AppData\Local\Microsoft Help
2014-07-06 18:15 - 2014-07-06 18:15 - 00000000 ____D () C:\Users\Default User\AppData\Local\Microsoft Help
2014-07-06 11:59 - 2014-07-06 11:59 - 00000000 ____D () C:\Program Files\Adblock Plus for IE
2014-07-06 11:35 - 2014-07-06 11:35 - 00000687 _____ () C:\awh20D8.tmp
2014-07-05 15:02 - 2014-07-05 15:08 - 00000000 ____D () C:\Users\Rico\Documents\Wohnung
2014-07-05 12:43 - 2014-07-05 12:43 - 00002117 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2014-07-05 12:43 - 2014-07-05 12:43 - 00001912 _____ () C:\Windows\epplauncher.mif
2014-07-05 12:43 - 2014-07-05 12:43 - 00000000 ____D () C:\Program Files\Microsoft Security Client
2014-07-05 12:43 - 2014-07-05 12:43 - 00000000 ____D () C:\Program Files (x86)\Microsoft Security Client
2014-07-02 17:27 - 2014-07-02 17:27 - 00003164 _____ () C:\Windows\System32\Tasks\{1F6C3454-9EA5-4C60-9934-47B8882F17C4}
2014-07-02 14:21 - 2014-07-02 14:21 - 00000687 _____ () C:\awhEC9F.tmp
2014-07-01 13:38 - 2014-07-01 13:38 - 00000687 _____ () C:\awhE7EE.tmp
2014-06-30 20:56 - 2014-06-30 20:56 - 00009470 _____ () C:\Users\Rico\Desktop\Mietaufstellung.xlsx
2014-06-30 18:01 - 2014-06-30 18:01 - 00000687 _____ () C:\awhEAAC.tmp
2014-06-30 08:43 - 2014-06-30 08:43 - 00000687 _____ () C:\awhEEA2.tmp
2014-06-30 06:48 - 2014-06-30 06:48 - 00000687 _____ () C:\awhE8E7.tmp
2014-06-29 20:06 - 2014-06-29 20:06 - 00000687 _____ () C:\awhEC60.tmp
2014-06-29 16:34 - 2014-06-29 16:34 - 00000687 _____ () C:\awhEC51.tmp
2014-06-29 08:17 - 2014-06-29 08:17 - 00000687 _____ () C:\awhE407.tmp
2014-06-27 12:05 - 2014-06-27 12:05 - 00000687 _____ () C:\awh28F.tmp

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-07-27 17:18 - 2014-07-20 20:56 - 00017335 _____ () C:\Users\Rico\Downloads\FRST.txt
2014-07-27 17:18 - 2014-07-20 20:56 - 00000000 ____D () C:\Users\Rico\Downloads\FRST-OlderVersion
2014-07-27 17:18 - 2014-07-17 17:00 - 00000000 ____D () C:\FRST
2014-07-27 17:18 - 2014-07-17 16:59 - 02093568 _____ (Farbar) C:\Users\Rico\Downloads\FRST64.exe
2014-07-27 17:16 - 2014-07-27 17:16 - 00854390 _____ () C:\Users\Rico\Downloads\SecurityCheck.exe
2014-07-27 17:08 - 2014-03-22 15:35 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-07-27 17:06 - 2014-03-22 15:36 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-07-27 16:54 - 2014-03-18 01:31 - 01687060 _____ () C:\Windows\WindowsUpdate.log
2014-07-27 13:34 - 2009-07-14 06:45 - 00021680 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-07-27 13:34 - 2009-07-14 06:45 - 00021680 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-07-27 13:28 - 2014-07-21 11:14 - 00000000 ___RD () C:\Users\Rico\OneDrive
2014-07-27 13:28 - 2014-03-25 17:27 - 00000000 ___RD () C:\Users\Rico\Dropbox
2014-07-27 13:28 - 2014-03-25 17:25 - 00000000 ____D () C:\Users\Rico\AppData\Roaming\Dropbox
2014-07-27 13:27 - 2014-03-22 15:35 - 00001102 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-07-27 13:26 - 2014-07-17 16:44 - 00002408 _____ () C:\Windows\setupact.log
2014-07-27 13:26 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-07-25 12:22 - 2014-07-25 12:22 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-07-25 12:21 - 2014-07-25 12:21 - 02347384 _____ (ESET) C:\Users\Rico\Downloads\esetsmartinstaller_deu.exe
2014-07-25 10:34 - 2014-07-25 10:34 - 00127136 _____ (Spotify Ltd) C:\Users\Rico\Downloads\SpotifySetup.exe
2014-07-25 10:27 - 2014-03-25 17:26 - 00000000 ____D () C:\Users\Rico\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-07-24 22:27 - 2014-07-18 10:13 - 00000000 ____D () C:\Users\Rico\Documents\Citavi 4
2014-07-21 11:15 - 2014-07-21 11:15 - 00000000 ___HD () C:\OneDriveTemp
2014-07-21 11:14 - 2014-07-21 11:14 - 00002194 _____ () C:\Users\Rico\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk
2014-07-21 11:14 - 2014-07-21 11:14 - 00002124 _____ () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk
2014-07-21 11:14 - 2014-07-21 11:14 - 00002124 _____ () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk
2014-07-21 11:14 - 2014-03-26 17:54 - 00000000 ____D () C:\Program Files (x86)\Microsoft OneDrive
2014-07-21 11:14 - 2014-03-18 01:38 - 00000000 ____D () C:\Users\Rico
2014-07-21 11:13 - 2014-07-21 11:13 - 00002944 _____ () C:\Windows\System32\Tasks\{50026613-30AC-4815-9DA0-638A8CCE74FA}
2014-07-21 11:00 - 2014-07-21 11:14 - 06089928 _____ (Microsoft Corporation) C:\Users\Rico\Downloads\OneDriveSetup.exe
2014-07-21 10:47 - 2014-07-21 10:47 - 00000000 ____D () C:\ProgramData\Gibraltar
2014-07-20 20:18 - 2014-07-20 20:18 - 01016261 _____ (Thisisu) C:\Users\Rico\Downloads\JRT.exe
2014-07-20 20:18 - 2014-07-20 20:18 - 00000000 ____D () C:\Windows\ERUNT
2014-07-20 20:13 - 2014-07-17 16:43 - 00147474 _____ () C:\Windows\PFRO.log
2014-07-20 20:12 - 2014-07-20 20:11 - 00000000 ____D () C:\AdwCleaner
2014-07-20 20:12 - 2014-03-22 15:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-07-20 20:12 - 2014-03-18 01:40 - 00000993 _____ () C:\Users\Rico\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-07-20 20:11 - 2014-07-20 20:11 - 01354223 _____ () C:\Users\Rico\Downloads\adwcleaner_3.216.exe
2014-07-20 20:02 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\security
2014-07-20 20:01 - 2014-06-18 10:53 - 00000000 ____D () C:\temp
2014-07-20 19:17 - 2014-07-20 19:17 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-07-20 19:16 - 2014-07-20 19:15 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Rico\Downloads\mbam-setup-2.0.2.1012.exe
2014-07-20 18:56 - 2014-07-18 10:13 - 00000000 ____D () C:\Users\Rico\AppData\Roaming\Swiss Academic Software
2014-07-20 18:53 - 2014-06-08 13:14 - 00000000 ____D () C:\Users\Rico\Documents\Projektarbeit MB
2014-07-20 18:50 - 2014-07-20 16:26 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-07-20 18:42 - 2014-07-20 18:42 - 00000000 ____D () C:\Users\Rico\AppData\Local\Swiss Academic Software
2014-07-20 17:50 - 2014-07-20 17:18 - 00002453 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat XI Pro.lnk
2014-07-20 17:50 - 2014-07-20 17:18 - 00002210 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe FormsCentral.lnk
2014-07-20 17:50 - 2014-07-20 17:18 - 00002049 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat Distiller XI.lnk
2014-07-20 17:25 - 2014-03-18 09:36 - 00109232 _____ () C:\Users\Rico\AppData\Local\GDIPFONTCACHEV1.DAT
2014-07-20 17:24 - 2009-07-14 06:45 - 00415656 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-07-20 17:21 - 2014-06-14 17:16 - 00000000 ____D () C:\Users\Rico\AppData\Local\Adobe
2014-07-20 17:19 - 2014-03-22 18:10 - 00000000 ____D () C:\ProgramData\regid.1986-12.com.adobe
2014-07-20 17:18 - 2014-07-20 17:18 - 00002140 _____ () C:\Users\Public\Desktop\Adobe FormsCentral.lnk
2014-07-20 17:18 - 2014-07-20 17:18 - 00002026 _____ () C:\Users\Public\Desktop\Adobe Acrobat XI Pro.lnk
2014-07-20 17:17 - 2014-03-22 18:57 - 00000000 ____D () C:\ProgramData\Adobe
2014-07-20 17:14 - 2014-03-18 13:11 - 00000000 ____D () C:\Users\Rico\AppData\Roaming\DAEMON Tools Lite
2014-07-20 16:39 - 2014-07-20 16:39 - 00020494 _____ () C:\ComboFix.txt
2014-07-20 16:39 - 2014-07-17 16:30 - 00000000 ____D () C:\Qoobox
2014-07-20 16:37 - 2009-07-14 04:34 - 00000215 _____ () C:\Windows\system.ini
2014-07-20 16:30 - 2014-07-17 16:25 - 05222180 ____R (Swearware) C:\Users\Rico\Downloads\ComboFix.exe
2014-07-20 16:25 - 2014-07-20 16:25 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Rico\Downloads\revosetup95.exe
2014-07-18 13:03 - 2014-07-17 17:59 - 01592824 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-07-18 13:03 - 2011-04-12 09:43 - 00699160 _____ () C:\Windows\system32\perfh007.dat
2014-07-18 13:03 - 2011-04-12 09:43 - 00149268 _____ () C:\Windows\system32\perfc007.dat
2014-07-18 13:03 - 2009-07-14 07:13 - 01592824 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-07-18 10:13 - 2014-07-18 10:13 - 00000000 ____D () C:\ProgramData\Swiss Academic Software
2014-07-18 09:50 - 2014-07-18 09:50 - 00001949 _____ () C:\Users\Public\Desktop\Citavi 4.lnk
2014-07-18 09:50 - 2014-07-18 09:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Citavi 4
2014-07-18 09:50 - 2014-07-18 09:48 - 00000000 ____D () C:\Program Files (x86)\Citavi 4
2014-07-18 09:46 - 2014-07-18 09:46 - 00000000 ____D () C:\Users\Rico\AppData\Local\Downloaded Installations
2014-07-17 17:51 - 2014-07-17 17:50 - 88342536 _____ (Swiss Academic Software) C:\Users\Rico\Downloads\Citavi4Setup.exe
2014-07-17 17:03 - 2014-07-17 17:03 - 00380416 _____ () C:\Users\Rico\Downloads\Gmer-19357.exe
2014-07-17 16:58 - 2014-07-17 16:58 - 00000168 _____ () C:\Users\Rico\defogger_reenable
2014-07-17 16:57 - 2014-07-17 16:57 - 00050477 _____ () C:\Users\Rico\Downloads\Defogger.exe
2014-07-17 16:48 - 2009-07-14 05:20 - 00000000 __RHD () C:\Users\Default
2014-07-17 16:47 - 2014-07-17 16:30 - 00000000 ____D () C:\Windows\erdnt
2014-07-17 16:44 - 2014-07-17 16:44 - 00000000 _____ () C:\Windows\setuperr.log
2014-07-17 16:43 - 2009-07-14 04:34 - 63963136 _____ () C:\Windows\system32\config\SOFTWARE.bak
2014-07-17 16:43 - 2009-07-14 04:34 - 14942208 _____ () C:\Windows\system32\config\SYSTEM.bak
2014-07-17 16:43 - 2009-07-14 04:34 - 00262144 _____ () C:\Windows\system32\config\SECURITY.bak
2014-07-17 16:43 - 2009-07-14 04:34 - 00262144 _____ () C:\Windows\system32\config\SAM.bak
2014-07-17 16:43 - 2009-07-14 04:34 - 00262144 _____ () C:\Windows\system32\config\DEFAULT.bak
2014-07-17 16:30 - 2014-07-11 16:37 - 01043188 _____ () C:\Users\Rico\AppData\Local\uucbbppw.gss
2014-07-17 16:30 - 2014-07-11 16:37 - 00184320 _____ () C:\Users\Rico\AppData\Local\uucbbppw.gdb
2014-07-17 16:28 - 2014-07-17 16:28 - 00003114 _____ () C:\Windows\System32\Tasks\{A5DB3CBF-5CD9-4D0C-A0CE-2315700566F5}
2014-07-17 16:26 - 2014-07-17 16:24 - 00000000 ____D () C:\ProgramData\TEMP
2014-07-17 16:25 - 2014-07-17 16:24 - 00003238 _____ () C:\Windows\System32\Tasks\Optimizer Pro Schedule
2014-07-17 16:22 - 2014-07-17 16:22 - 00002251 _____ () C:\Users\Rico\Desktop\Google Chrome.lnk
2014-07-17 16:22 - 2014-03-22 15:35 - 00000000 ____D () C:\Users\Rico\AppData\Local\Google
2014-07-17 15:45 - 2014-05-14 18:39 - 00000000 ____D () C:\Windows\Minidump
2014-07-17 15:45 - 2014-03-18 01:28 - 00000000 ____D () C:\Windows\Panther
2014-07-17 15:40 - 2014-07-17 15:39 - 04812672 _____ (Piriform Ltd) C:\Users\Rico\Downloads\ccsetup415.exe
2014-07-17 14:41 - 2014-07-17 14:41 - 00000687 _____ () C:\awh10A2.tmp
2014-07-17 12:49 - 2014-07-17 12:49 - 00000687 _____ () C:\awhECE.tmp
2014-07-16 12:45 - 2014-07-16 12:45 - 00000687 _____ () C:\awhC9D.tmp
2014-07-15 10:15 - 2014-07-15 10:15 - 00000687 _____ () C:\awh878.tmp
2014-07-14 18:57 - 2014-07-14 15:57 - 00074626 _____ () C:\Users\Rico\Desktop\Projektphasen.pptx
2014-07-14 13:54 - 2014-07-14 13:54 - 00000687 _____ () C:\awh8A7.tmp
2014-07-10 20:48 - 2014-07-08 16:51 - 00000000 ____D () C:\Users\Rico\Desktop\Samson
2014-07-10 20:46 - 2014-07-06 20:10 - 00000000 ____D () C:\Users\Rico\Desktop\South Africa
2014-07-10 20:19 - 2014-07-10 20:19 - 00000687 _____ () C:\awh962.tmp
2014-07-10 19:15 - 2014-07-10 17:55 - 00000000 ____D () C:\Users\Rico\Desktop\Zeug für Bewerbung
2014-07-10 16:42 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2014-07-10 15:08 - 2014-03-22 15:35 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-07-10 15:08 - 2014-03-22 15:35 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-07-10 15:08 - 2014-03-22 15:35 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-07-10 14:52 - 2014-07-10 14:52 - 00000687 _____ () C:\awh1FA0.tmp
2014-07-09 11:46 - 2014-07-09 11:46 - 00002832 _____ () C:\Users\Rico\Downloads\Antwort_ 7_1 Schland.zip
2014-07-09 11:20 - 2014-07-09 11:20 - 00000687 _____ () C:\awh9829.tmp
2014-07-09 11:14 - 2011-04-12 09:55 - 00000000 ____D () C:\Program Files\Windows Journal
2014-07-09 09:45 - 2014-03-18 13:15 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-07-09 09:44 - 2014-03-18 10:18 - 00000000 ____D () C:\Windows\system32\MRT
2014-07-09 09:42 - 2014-03-18 10:18 - 96441528 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-07-09 09:29 - 2014-07-09 09:29 - 00000687 _____ () C:\awh6F2.tmp
2014-07-07 19:39 - 2014-07-07 19:39 - 00000687 _____ () C:\awh34F4.tmp
2014-07-07 17:37 - 2009-07-14 04:34 - 00000478 _____ () C:\Windows\win.ini
2014-07-07 13:57 - 2014-07-07 13:57 - 00000687 _____ () C:\awh1D30.tmp
2014-07-07 10:02 - 2014-07-07 10:02 - 00000687 _____ () C:\awhFD03.tmp
2014-07-07 09:08 - 2014-07-07 09:08 - 00000687 _____ () C:\awh1C27.tmp
2014-07-06 21:49 - 2014-07-06 21:48 - 21169658 _____ () C:\Users\Rico\Downloads\PDFverkleinern_flv.mp4
2014-07-06 20:58 - 2014-07-06 20:58 - 00000687 _____ () C:\awh5791.tmp
2014-07-06 20:57 - 2014-07-06 20:57 - 00000000 ____D () C:\Users\Rico\Desktop\PA MA-Bau
2014-07-06 19:53 - 2014-07-06 19:53 - 00014201 _____ () C:\Users\Rico\Downloads\AW_ letter of motivation.zip
2014-07-06 18:33 - 2014-07-06 18:33 - 00000687 _____ () C:\awh981.tmp
2014-07-06 18:15 - 2014-07-06 18:15 - 00000000 ____D () C:\Users\Default\AppData\Local\Microsoft Help
2014-07-06 18:15 - 2014-07-06 18:15 - 00000000 ____D () C:\Users\Default User\AppData\Local\Microsoft Help
2014-07-06 11:59 - 2014-07-06 11:59 - 00000000 ____D () C:\Program Files\Adblock Plus for IE
2014-07-06 11:59 - 2014-03-18 09:52 - 00000000 ____D () C:\ProgramData\Package Cache
2014-07-06 11:35 - 2014-07-06 11:35 - 00000687 _____ () C:\awh20D8.tmp
2014-07-05 15:08 - 2014-07-05 15:02 - 00000000 ____D () C:\Users\Rico\Documents\Wohnung
2014-07-05 12:43 - 2014-07-05 12:43 - 00002117 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2014-07-05 12:43 - 2014-07-05 12:43 - 00001912 _____ () C:\Windows\epplauncher.mif
2014-07-05 12:43 - 2014-07-05 12:43 - 00000000 ____D () C:\Program Files\Microsoft Security Client
2014-07-05 12:43 - 2014-07-05 12:43 - 00000000 ____D () C:\Program Files (x86)\Microsoft Security Client
2014-07-03 08:51 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-07-02 17:27 - 2014-07-02 17:27 - 00003164 _____ () C:\Windows\System32\Tasks\{1F6C3454-9EA5-4C60-9934-47B8882F17C4}
2014-07-02 14:21 - 2014-07-02 14:21 - 00000687 _____ () C:\awhEC9F.tmp
2014-07-01 22:28 - 2014-06-18 10:51 - 00000000 ____D () C:\Users\Rico\AppData\Local\Genesis_06180851
2014-07-01 13:38 - 2014-07-01 13:38 - 00000687 _____ () C:\awhE7EE.tmp
2014-06-30 20:56 - 2014-06-30 20:56 - 00009470 _____ () C:\Users\Rico\Desktop\Mietaufstellung.xlsx
2014-06-30 18:01 - 2014-06-30 18:01 - 00000687 _____ () C:\awhEAAC.tmp
2014-06-30 08:43 - 2014-06-30 08:43 - 00000687 _____ () C:\awhEEA2.tmp
2014-06-30 06:48 - 2014-06-30 06:48 - 00000687 _____ () C:\awhE8E7.tmp
2014-06-29 20:06 - 2014-06-29 20:06 - 00000687 _____ () C:\awhEC60.tmp
2014-06-29 16:34 - 2014-06-29 16:34 - 00000687 _____ () C:\awhEC51.tmp
2014-06-29 09:00 - 2009-07-14 07:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-06-29 08:17 - 2014-06-29 08:17 - 00000687 _____ () C:\awhE407.tmp
2014-06-27 12:05 - 2014-06-27 12:05 - 00000687 _____ () C:\awh28F.tmp

Some content of TEMP:
====================
C:\Users\Rico\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp_a_vdd.dll
C:\Users\Rico\AppData\Local\Temp\Quarantine.exe
C:\Users\Rico\AppData\Local\Temp\SpotifyUninstall.exe
C:\Users\Rico\AppData\Local\Temp\System.Data.SQLite.dll
C:\Users\Rico\AppData\Local\Temp\System.Data.SQLite10291.dll
C:\Users\Rico\AppData\Local\Temp\System.Data.SQLite20428.dll
C:\Users\Rico\AppData\Local\Temp\System.Data.SQLite26316.dll
C:\Users\Rico\AppData\Local\Temp\System.Data.SQLite44829.dll
C:\Users\Rico\AppData\Local\Temp\System.Data.SQLite87153.dll
C:\Users\Rico\AppData\Local\Temp\System.Data.SQLite96679.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-07-23 13:29

==================== End Of Log ============================
--- --- ---

--- --- ---

Alt 27.07.2014, 20:23   #8
schrauber
/// the machine
/// TB-Ausbilder
 
Windows 7: Internet Explorer startet automatisch Werbung/ Webseiten werden auf Werbung umgeleitet - Standard

Windows 7: Internet Explorer startet automatisch Werbung/ Webseiten werden auf Werbung umgeleitet


Java updaten.

Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:
ATTFilter
C:\Windows\System32\hfnapi.dll
C:\Windows\SysWOW64\hfnapi.dll
CHR DefaultSearchKeyword: webssearches

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
  • Starte nun FRST erneut und klicke den Entfernen Button.
  • Das Tool erstellt eine Fixlog.txt.
  • Poste mir deren Inhalt.





Fertig

Die Reihenfolge ist hier entscheidend.
  1. Falls Defogger benutzt wurde: Defogger nochmal starten und auf re-enable klicken.
  2. Falls Combofix benutzt wurde: (Alternativ in uninstall.exe umbenennen und starten)
    • Windowstaste + R > Combofix /Uninstall (eingeben) > OK
    • Alternative: Combofix.exe in uninstall.exe umbenennen und starten
    • Combofix wird jetzt starten, sich evtl updaten und dann alle Reste von sich selbst entfernen.
  3. Downloade Dir bitte auf jeden Fall DelFix Download DelFix auf deinen Desktop:
    • Schließe alle offenen Programme.
    • Starte die delfix.exe mit einem Doppelklick.
    • Setze vor jede Funktion ein Häkchen.
    • Klicke auf Start.
    • Hinweis: DelFix entfernt u. a. alle verwendeten Programme, die Quarantäne unserer Scanner, den Java-Cache und löscht sich abschließend selbst.
    • Starte deinen Rechner abschließend neu.
  4. Sollten jetzt noch Programme aus unserer Bereinigung übrig sein kannst du sie bedenkenlos löschen.



Falls Du Lob oder Kritik abgeben möchtest kannst Du das hier tun

Hier noch ein paar Tipps zur Absicherung deines Systems.


Ich kann garnicht zu oft erwähnen, wie wichtig es ist, dass dein System Up to Date ist.
  • Bitte überprüfe ob dein System Windows Updates automatisch herunter lädt
  • Windows Updates
    • Windows XP: Start --> Systemsteuerung --> Doppelklick auf Automatische Updates
    • Windows Vista / 7: Start --> Systemsteuerung --> System und Sicherheit --> Automatische Updates aktivieren oder deaktivieren
  • Gehe sicher das die automatischen Updates aktiviert sind.
  • Software Updates
    Installierte Software kann ebenfalls Sicherheitslücken haben, welche Malware nutzen kann, um dein System zu infizieren.
    Um deine Installierte Software up to date zu halten, empfehle ich dir Secunia Online Software.


Anti- Viren Software
  • Gehe sicher immer eine Anti Viren Software installiert zu haben und das diese auch up to date ist. Es ist nämlich nutzlos wenn diese out of date sind.


Zusätzlicher Schutz
  • MalwareBytes Anti Malware
    Dies ist eines der besten Anti-Malware Tools auf dem Markt. Es ist ein On- Demond Scan Tool welches viele aktuelle Malware erkennt und auch entfernt.
    Update das Tool und lass es einmal in der Woche laufen. Die Kaufversion biete zudem noch einen Hintergrundwächter.
    Ein Tutorial zur Verwendung findest Du hier.
  • WinPatrol
    Diese Software macht einen Snapshot deines Systems und warnt dich vor eventuellen Änderungen. Downloade dir die Freeware Version von hier.


Sicheres Browsen
  • SpywareBlaster
    Eine kurze Einführung findest du Hier
  • MVPs hosts file
    Ein Tutorial findest Du hier. Leider habe ich bis jetzt kein deutschsprachiges gefunden.
  • WOT (Web of trust)
    Dieses AddOn warnt Dich bevor Du eine als schädlich gemeldete Seite besuchst.


Alternative Browser

Andere Browser tendieren zu etwas mehr Sicherheit als der IE, da diese keine Active X Elemente verwenden. Diese können von Spyware zur Infektion deines Systems missbraucht werden.
  • Opera
  • Mozilla Firefox.
    • Hinweis: Für diesen Browser habe ich hier ein paar nützliche Add Ons
    • NoScript
      Dieses AddOn blockt JavaScript, Java and Flash und andere Plugins. Sie werden nur dann ausgeführt wenn Du es bestätigst.
    • AdblockPlus
      Dieses AddOn blockt die meisten Werbung von selbst. Ein Rechtsklick auf den Banner um diesen zu AdBlockPlus hinzu zu fügen reicht und dieser wird nicht mehr geladen.
      Es spart ausserdem Downloadkapazität.

Performance
Bereinige regelmäßig deine Temp Files. Ich empfehle hierzu TFC
Halte dich fern von jedlichen Registry Cleanern.
Diese Schaden deinem System mehr als sie helfen. Hier ein paar ( englishe ) Links
Miekemoes Blogspot ( MVP )
Bill Castner ( MVP )



Don'ts
  • Klicke nicht auf alles nur weil es Dich dazu auffordert und schön bunt ist.
  • verwende keine peer to peer oder Filesharing Software (Emule, uTorrent,..)
  • Lass die Finger von Cracks, Keygens, Serials oder anderer illegaler Software.
  • Öffne keine Anhänge von Dir nicht bekannten Emails. Achte vor allem auf die Dateiendung wie zb deinFoto.jpg.exe
Nun bleibt mir nur noch dir viel Spass beim sicheren Surfen zu wünschen.

Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so das ich diesen Thread aus meinen Abos löschen kann.
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Antwort

Themen zu Windows 7: Internet Explorer startet automatisch Werbung/ Webseiten werden auf Werbung umgeleitet
4d36e972-e325-11ce-bfc1-08002be10318, auf werbung umgeleitet, branding, ccsetup, device driver, msil/adware.ibryte.d, pup.optional.adpeak.a, pup.optional.amonetize, pup.optional.conduit.a, pup.optional.freesofttoday.a, pup.optional.iepluginservice.a, pup.optional.iepluginservices.a, pup.optional.netfilter, pup.optional.offerswizard.a, pup.optional.opencandy, pup.optional.optimuminstaller.a, pup.optional.qone8, pup.optional.rrsavings.a, pup.optional.searchprotect.a, pup.optional.skytech.a, pup.optional.superfish.a, pup.optional.suptab.a, pup.optional.trovi.a, pup.optional.weatheritup.a, pup.optional.webssearches.a, pup.optional.windowsprotectmanger.a, pup.optional.wpm.a, rockettab, rogue.multiple, teredo, win32/amonetize.az, win32/riskware.netfilter.b, windowsprotectmanger


« Windows 7 - Beim Starten von Chrome öffnen sich 7 Tabs mit verschiedenen Suchmaschinen | SoftwareUpdater.ui.exe öffnet sich beim Start »


Ähnliche Themen: Windows 7: Internet Explorer startet automatisch Werbung/ Webseiten werden auf Werbung umgeleitet


  1. Windows 7 Webseiten werden auf Werbung umgeleitet
    Log-Analyse und Auswertung - 07.09.2015 (10)
  2. Windows 7: Webseiten werden auf Werbung umgeleitet.
    Log-Analyse und Auswertung - 30.07.2015 (8)
  3. Windows 7: Webseiten werden auf Werbung umgeleitet, Chrome startet nicht mehr
    Log-Analyse und Auswertung - 03.06.2015 (3)
  4. Windows 7: Webseiten werden auf Werbung umgeleitet.
    Log-Analyse und Auswertung - 08.05.2015 (16)
  5. Windows 7: Webseiten werden auf Werbung umgeleitet
    Log-Analyse und Auswertung - 24.04.2015 (31)
  6. Windows 7: Webseiten werden auf Werbung umgeleitet.
    Log-Analyse und Auswertung - 11.02.2015 (19)
  7. Windows 7: Webseiten werden auf Werbung umgeleitet.
    Log-Analyse und Auswertung - 12.11.2014 (8)
  8. Windows 7: WEBSEITEN werden auf Werbung umgeleitet.
    Log-Analyse und Auswertung - 03.10.2014 (5)
  9. Windows 8: Webseiten werden auf Werbung umgeleitet.
    Log-Analyse und Auswertung - 01.08.2014 (5)
  10. Windows 7: Webseiten werden auf Werbung umgeleitet
    Log-Analyse und Auswertung - 19.05.2014 (15)
  11. Windows 7: Webseiten werden auf Werbung umgeleitet
    Log-Analyse und Auswertung - 28.04.2014 (9)
  12. Windows 7: Webseiten werden auf Werbung umgeleitet
    Plagegeister aller Art und deren Bekämpfung - 16.02.2014 (9)
  13. Windows 7: Webseiten werden auf Werbung umgeleitet
    Log-Analyse und Auswertung - 07.01.2014 (6)
  14. Windows 7: Webseiten werden auf Werbung umgeleitet.
    Log-Analyse und Auswertung - 30.11.2013 (12)
  15. Windows 7: Webseiten werden auf werbung umgeleitet
    Log-Analyse und Auswertung - 27.10.2013 (9)
  16. Windows 7: Webseiten werden auf Werbung umgeleitet.
    Plagegeister aller Art und deren Bekämpfung - 12.09.2013 (3)
  17. Windows 8: Webseiten werden auf Werbung umgeleitet
    Log-Analyse und Auswertung - 24.08.2013 (5)
Anleitungen und Tipps

- Für alle Hilfesuchenden! Was beachten?

- Anleitung: MyStartSearch.com entfernen

- Anleitung: WebSearches löschen

- Hilfe: iStartSurf entfernen – so gehts!

- Anleitung: Omiga Plus richtig entfernen

- Browser Viren entfernen


Zum Thema Windows 7: Internet Explorer startet automatisch Werbung/ Webseiten werden auf Werbung umgeleitet - Hallo Leute, zuerst einmal Klasse das es solche Foren gibt und das sich Leute finden, die sich den Problemen von weniger fachkundigen Menschen annehmen. Danke! Ich hab folgendes Problem: Mein - Windows 7: Internet Explorer startet automatisch Werbung/ Webseiten werden auf Werbung umgeleitet...
Archiv
Du betrachtest: Windows 7: Internet Explorer startet automatisch Werbung/ Webseiten werden auf Werbung umgeleitet auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19