Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   Windows 7 (64bit) - doppelt grün unterstrichene Wörter im Internet und unkontrollierte Öffnung von Werbefenstern (https://www.trojaner-board.de/151390-windows-7-64bit-doppelt-gruen-unterstrichene-woerter-internet-unkontrollierte-offnung-werbefenstern.html)

jumarci 23.03.2014 16:53
Windows 7 (64bit) - doppelt grün unterstrichene Wörter im Internet und unkontrollierte Öffnung von Werbefenstern
 
Hallo!
Seit einigen Tagen befindet sich in meinem Browser am oberen Rand ständig irgendeine Werbeanzeige und im Text erscheinen einzelne Wörter doppelt grün unterstrichen. Beim Darüberfahren öffnen sich kleine Werbefenster. Sobald ich einen neuen Tab öffne geht ein Pop up-Fenster mit Werbung auf, obwohl ich Pop-ups eigentlich geblockt habe.
Was muss ich tun?

Gemäß der Forenbeiträge mit gleichem Problem habe ich meinen Computer schon einmal gescannt:
FRST Logfile:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014
Ran by Julia Dahm (administrator) on JULIADAHM-THINK on 23-03-2014 16:30:38
Running from C:\Users\Julia Dahm\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: Downloading Farbar Recovery Scan Tool
Download link for 64-Bit Version: Downloading Farbar Recovery Scan Tool
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: FRST Tutorial - How to use Farbar Recovery Scan Tool - Geeks to Go Forums

==================== Processes (Whitelisted) =================

(Lenovo.) C:\Windows\system32\ibmpmsvc.exe
(Check Point Software Technologies LTD) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Lenovo Group Limited) C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe
(Lenovo Group Limited) C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
(hdideo) C:\Program Files (x86)\addplushd\addplushd-firefoxinstaller.exe
(hdideo) C:\Program Files (x86)\addplushd\addplushd-enabler.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe
(Conexant Systems Inc.) C:\Windows\system32\CxAudMsg64.exe
(Garmin Ltd or its subsidiaries) C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\CAMMUTE.exe
(Lenovo Group Limited) C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
(Lenovo Group Limited) C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe
(Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
(Conexant Systems, Inc.) C:\Windows\SysWOW64\SAsrv.exe
(Ulead Systems, Inc.) C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
() C:\Windows\system32\AutiFWWizFwk.exe
(Check Point Software Technologies, Ltd.) C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZAPrivacyService.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tpnumlkd.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tpnumlk.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\mkrmsg.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\virtscrl.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Lenovo.) C:\Windows\System32\TpShocks.exe
() C:\Program Files\CONEXANT\ForteConfig\fmapp.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\AutoLock\ALCKRESI.exe
(Garmin Ltd or its subsidiaries) C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
() C:\Program Files (x86)\Rainlendar2\Rainlendar2.exe
() C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
(Ricoh co.,Ltd.) C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe
(Check Point Software Technologies LTD) C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe
(Ask) C:\Program Files (x86)\Ask.com\Updater\Updater.exe
(Apple Computer, Inc.) C:\Program Files (x86)\QuickTime\qttask.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
() C:\ProgramData\dlprotect.exe
(Lenovo Group Limited) C:\Program Files (x86)\ThinkPad\Utilities\SCHTASK.EXE
(Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\BtStackServer.exe
(Microsoft Corporation) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Lenovo Group Limited) C:\Program Files (x86)\Lenovo\System Update\SUService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(brother) C:\Program Files (x86)\Brownie\brstsw64.exe
(PC-Doctor, Inc.) C:\Program Files\PC-Doctor\pcdrcui.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe
(PC-Doctor, Inc.) C:\Program Files\PC-Doctor\pcdrrealtime.p5x
(PC-Doctor, Inc.) C:\Program Files\PC-Doctor\pcdrsmart2.p5x
(Microsoft Corporation) c:\program files\windows defender\MpCmdRun.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2789160 2011-05-19] (Synaptics Incorporated)
HKLM\...\Run: [TpShocks] - C:\Windows\system32\TpShocks.exe [380776 2011-03-29] (Lenovo.)
HKLM\...\Run: [SmartAudio] - C:\Program Files\CONEXANT\SAII\SAIICpl.exe [310912 2011-04-26] (Conexant Systems, Inc.)
HKLM\...\Run: [ForteConfig] - C:\Program Files\Conexant\ForteConfig\fmapp.exe [49056 2010-10-26] ()
HKLM\...\Run: [LENOVO.TPKNRRES] - C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe [40808 2011-05-31] (Lenovo Group Limited)
HKLM\...\Run: [ALCKRESI.EXE] - C:\Program Files\Lenovo\AutoLock\ALCKRESI.EXE [281960 2011-05-25] (Lenovo Group Limited)
HKLM-x32\...\Run: [RotateImage] - C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe [55808 2008-10-30] (Ricoh co.,Ltd.)
HKLM-x32\...\Run: [PWMTRV] - rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor
HKLM-x32\...\Run: [Lenovo Registration] - C:\Program Files (x86)\Lenovo Registration\LenovoReg.exe [4351712 2011-07-13] (Lenovo, Inc.)
HKLM-x32\...\Run: [ZoneAlarm] - C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe [73832 2013-10-25] (Check Point Software Technologies LTD)
HKLM-x32\...\Run: [ApnUpdater] - C:\Program Files (x86)\Ask.com\Updater\Updater.exe [1391272 2012-01-04] (Ask)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [BCSSync] - C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [Brdefprn] - C:\Program Files (x86)\Brother\BRHL2035\Brdefprn.exe -d
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\qttask.exe [282624 2007-02-16] (Apple Computer, Inc.)
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [689744 2014-02-20] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [Download Protect] - C:\ProgramData\dlprotect.exe [12800 2014-03-18] ()
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3756853789-1326843327-1198811885-1000\...\Run: [LTT] - C:\Program Files\PC-Doctor\EnableToolbarW32.exe [23120 2011-06-27] (PC-Doctor, Inc.)
HKU\S-1-5-21-3756853789-1326843327-1198811885-1000\...\Run: [GarminExpressTrayApp] - C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1098072 2013-03-27] (Garmin Ltd or its subsidiaries)
HKU\S-1-5-21-3756853789-1326843327-1198811885-1000\...\Run: [Rainlendar2] - C:\Program Files (x86)\Rainlendar2\Rainlendar2.exe [2598496 2013-03-10] ()
HKU\S-1-5-21-3756853789-1326843327-1198811885-1000\...\MountPoints2: {3bc18afa-9372-11e1-a406-3859f9e8a15c} - E:\preinst.exe
HKU\S-1-5-21-3756853789-1326843327-1198811885-1000\...\MountPoints2: {716d6ef5-8e46-11e2-8902-402cf47b3902} - E:\LaunchU3.exe -a
HKU\S-1-5-21-3756853789-1326843327-1198811885-1000\...\MountPoints2: {80b3a8c6-0935-11e1-baf7-806e6f6e6963} - Q:\LenovoQDrive.exe

==================== Internet (Whitelisted) ====================

ProxyServer: 192.168.0.1:80
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN Deutschland: Aktuelle Nachrichten, Outlook.com Email und Skype Login.
HKCU\Software\Microsoft\Internet Explorer\Main,Prev Search Bar = hxxp://google.icq.com/search/search_frame.php
HKCU\Software\Microsoft\Internet Explorer\Main,Prev Search Page = Sign In
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Sign In
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Search
URLSearchHook: HKLM-x32 - ZoneAlarm-Sicherheit Toolbar - {fc2b76fc-2132-4d80-a9a3-1f5c6e49066b} - C:\Program Files (x86)\ZoneAlarm-Sicherheit\prxtbZone.dll (Conduit Ltd.)
URLSearchHook: HKCU - ZoneAlarm-Sicherheit Toolbar - {fc2b76fc-2132-4d80-a9a3-1f5c6e49066b} - C:\Program Files (x86)\ZoneAlarm-Sicherheit\prxtbZone.dll (Conduit Ltd.)
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - DefaultScope {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=vc_trans_8140&type=protegere
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7LENP_deDE466
SearchScopes: HKCU - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=vc_trans_8140&type=protegere
BHO: addplushd - {11111111-1111-1111-1111-110511291116} - C:\Program Files (x86)\addplushd\addplushd-bho64.dll (hdideo)
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Zonealarm Helper Object - {2A841F7A-A014-4DA5-B6D9-8B913DFB7A8C} - C:\Program Files (x86)\Check Point Software Technologies LTD\zonealarm\1.8.22.0\bh\zonealarm.dll (Check Point Software Technologies LTD)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Avira SearchFree Toolbar plus Web Protection - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: ZoneAlarm-Sicherheit Toolbar - {fc2b76fc-2132-4d80-a9a3-1f5c6e49066b} - C:\Program Files (x86)\ZoneAlarm-Sicherheit\prxtbZone.dll (Conduit Ltd.)
Toolbar: HKLM-x32 - Avira SearchFree Toolbar plus Web Protection - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
Toolbar: HKLM-x32 - ZoneAlarm-Sicherheit Toolbar - {fc2b76fc-2132-4d80-a9a3-1f5c6e49066b} - C:\Program Files (x86)\ZoneAlarm-Sicherheit\prxtbZone.dll (Conduit Ltd.)
Toolbar: HKLM-x32 - ZoneAlarm Security Toolbar - {438FAE3E-BDEF-44D3-AB8B-0C7C8350DF59} - C:\Program Files (x86)\Check Point Software Technologies LTD\zonealarm\1.8.22.0\zonealarmTlbr.dll (Check Point Software Technologies LTD)
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKCU - No Name - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} -  No File
Toolbar: HKCU - No Name - {FC2B76FC-2132-4D80-A9A3-1F5C6E49066B} -  No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\Julia Dahm\AppData\Roaming\Mozilla\Firefox\Profiles\56uvgdlt.default
FF user.js: detected! => C:\Users\Julia Dahm\AppData\Roaming\Mozilla\Firefox\Profiles\56uvgdlt.default\user.js
FF DefaultSearchEngine: Google
FF SelectedSearchEngine: Google
FF Homepage: about:home
FF NetworkProxy: "type", 4
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_77.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF Plugin-x32: @checkpoint.com/FFApi - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\npFFApi.dll No File
FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\Julia Dahm\AppData\Roaming\Mozilla\Firefox\Profiles\56uvgdlt.default\searchplugins\conduit.xml
FF SearchPlugin: C:\Users\Julia Dahm\AppData\Roaming\Mozilla\Firefox\Profiles\56uvgdlt.default\searchplugins\zonealarm.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: addplushd - C:\Users\Julia Dahm\AppData\Roaming\Mozilla\Firefox\Profiles\56uvgdlt.default\Extensions\a54e453c-130a-4769-9333-c5ec2aa914c5@9bd7cc89-9c7c-44e9-a03b-042b92d363f0.com [2014-03-16]
FF HKLM-x32\...\Firefox\Extensions: [{FFB96CC1-7EB3-449D-B827-DB661701C6BB}] - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker
FF HKLM-x32\...\Firefox\Extensions: [{ACAA314B-EEBA-48e4-AD47-84E31C44796C}] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff\
FF Extension: DVDVideoSoft YouTube MP3 and Video Download - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff\ []

==================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440400 2014-02-20] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440400 2014-02-20] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [1017424 2014-02-20] (Avira Operations GmbH & Co. KG)
R2 Garmin Core Update Service; C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [185688 2013-03-27] (Garmin Ltd or its subsidiaries)
R2 Lenovo.VIRTSCRLSVC; C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe [133992 2011-07-12] (Lenovo Group Limited)
R2 vsmon; C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe [2445816 2013-10-25] (Check Point Software Technologies LTD)
R2 wscriptd; C:\Windows\system32\AutiFWWizFwk.exe [118784 2014-03-18] ()
R2 ZAPrivacyService; C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZAPrivacyService.exe [50704 2013-10-15] (Check Point Software Technologies, Ltd.)

==================== Drivers (Whitelisted) ====================

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2013-12-18] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131576 2013-12-18] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-11-27] (Avira Operations GmbH & Co. KG)
R1 Vsdatant; C:\Windows\System32\DRIVERS\vsdatant.sys [454168 2013-10-23] (Check Point Software Technologies LTD)
R3 PCDSRVC{127174DC-C366ED8B-06020200}_0; \??\c:\program files\pc-doctor\pcdsrvc_x64.pkms [X]
U2 wuaserv;

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-03-23 16:30 - 2014-03-23 16:31 - 00019215 _____ () C:\Users\Julia Dahm\Desktop\FRST.txt
2014-03-23 16:30 - 2014-03-23 16:30 - 00000000 ____D () C:\FRST
2014-03-23 16:29 - 2014-03-23 16:29 - 02157056 _____ (Farbar) C:\Users\Julia Dahm\Desktop\FRST64.exe
2014-03-18 18:02 - 2014-03-18 18:02 - 00001124 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-03-18 18:02 - 2014-03-18 18:02 - 00000000 ____D () C:\Users\Julia Dahm\AppData\Roaming\Malwarebytes
2014-03-18 18:02 - 2014-03-18 18:02 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-03-18 18:02 - 2014-03-18 18:02 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-03-18 18:02 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-03-18 17:47 - 2014-03-18 17:47 - 00118784 _____ () C:\Windows\system32\AutiFWWizFwk.exe
2014-03-18 17:47 - 2014-03-18 17:47 - 00012800 _____ () C:\ProgramData\dlprotect.exe
2014-03-18 17:47 - 2014-03-18 17:47 - 00000000 ____D () C:\Users\Julia Dahm\AppData\Roaming\SUPERAntiSpyware.com
2014-03-14 19:51 - 2014-03-23 16:09 - 00003094 _____ () C:\Windows\Tasks\addplushd-chromeinstaller.job
2014-03-14 19:51 - 2014-03-23 16:09 - 00002312 _____ () C:\Windows\Tasks\addplushd-firefoxinstaller.job
2014-03-14 19:51 - 2014-03-23 16:09 - 00001506 _____ () C:\Windows\Tasks\addplushd-updater.job
2014-03-14 19:51 - 2014-03-23 16:09 - 00001460 _____ () C:\Windows\Tasks\addplushd-codedownloader.job
2014-03-14 19:51 - 2014-03-23 16:09 - 00001360 _____ () C:\Windows\Tasks\addplushd-enabler.job
2014-03-14 19:51 - 2014-03-19 03:08 - 00000000 ____D () C:\Program Files (x86)\addplushd
2014-03-14 19:51 - 2014-03-18 17:47 - 00004536 _____ () C:\Windows\System32\Tasks\addplushd-updater
2014-03-14 19:51 - 2014-03-18 17:47 - 00004490 _____ () C:\Windows\System32\Tasks\addplushd-codedownloader
2014-03-14 19:51 - 2014-03-18 17:47 - 00004390 _____ () C:\Windows\System32\Tasks\addplushd-enabler
2014-03-14 19:38 - 2014-03-18 17:47 - 00000000 ____D () C:\Users\Julia Dahm\AppData\Local\DownloadGuide
2014-03-12 21:42 - 2014-03-12 21:42 - 05777288 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2014-03-12 16:46 - 2014-03-01 07:05 - 23133696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-03-12 16:46 - 2014-03-01 06:17 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-03-12 16:46 - 2014-03-01 06:16 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-03-12 16:46 - 2014-03-01 05:58 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-03-12 16:46 - 2014-03-01 05:52 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-03-12 16:46 - 2014-03-01 05:51 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-03-12 16:46 - 2014-03-01 05:42 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-03-12 16:46 - 2014-03-01 05:40 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-03-12 16:46 - 2014-03-01 05:37 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-03-12 16:46 - 2014-03-01 05:33 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-03-12 16:46 - 2014-03-01 05:33 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-03-12 16:46 - 2014-03-01 05:32 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-03-12 16:46 - 2014-03-01 05:30 - 17074688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-03-12 16:46 - 2014-03-01 05:23 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-03-12 16:46 - 2014-03-01 05:17 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-03-12 16:46 - 2014-03-01 05:11 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-03-12 16:46 - 2014-03-01 05:02 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-03-12 16:46 - 2014-03-01 04:54 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-03-12 16:46 - 2014-03-01 04:52 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-03-12 16:46 - 2014-03-01 04:51 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-03-12 16:46 - 2014-03-01 04:47 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-03-12 16:46 - 2014-03-01 04:43 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-03-12 16:46 - 2014-03-01 04:43 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-03-12 16:46 - 2014-03-01 04:42 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-03-12 16:46 - 2014-03-01 04:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-03-12 16:46 - 2014-03-01 04:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-03-12 16:46 - 2014-03-01 04:37 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-03-12 16:46 - 2014-03-01 04:35 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-03-12 16:46 - 2014-03-01 04:18 - 13051904 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-03-12 16:46 - 2014-03-01 04:16 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-03-12 16:46 - 2014-03-01 04:14 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-03-12 16:46 - 2014-03-01 04:10 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-03-12 16:46 - 2014-03-01 04:03 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-03-12 16:46 - 2014-03-01 04:00 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-03-12 16:46 - 2014-03-01 03:57 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-03-12 16:46 - 2014-03-01 03:38 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-03-12 16:46 - 2014-03-01 03:32 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-03-12 16:46 - 2014-03-01 03:27 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-03-12 16:46 - 2014-03-01 03:25 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-03-12 16:46 - 2014-03-01 03:25 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-03-12 16:46 - 2014-02-07 02:23 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-03-12 16:46 - 2014-01-29 03:32 - 00484864 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2014-03-12 16:46 - 2014-01-29 03:06 - 00381440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll
2014-03-12 16:46 - 2014-01-28 03:32 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll
2014-03-12 16:43 - 2014-02-04 03:32 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-03-12 16:43 - 2014-02-04 03:32 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-03-12 16:43 - 2014-02-04 03:04 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-03-12 16:43 - 2014-02-04 03:04 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-02-26 14:55 - 2014-02-26 14:55 - 00913360 _____ () C:\Windows\Minidump\022614-19375-01.dmp

==================== One Month Modified Files and Folders =======

2014-03-23 16:31 - 2014-03-23 16:30 - 00019215 _____ () C:\Users\Julia Dahm\Desktop\FRST.txt
2014-03-23 16:31 - 2012-01-13 13:37 - 00000466 _____ () C:\Windows\Tasks\SystemToolsDailyTest.job
2014-03-23 16:30 - 2014-03-23 16:30 - 00000000 ____D () C:\FRST
2014-03-23 16:29 - 2014-03-23 16:29 - 02157056 _____ (Farbar) C:\Users\Julia Dahm\Desktop\FRST64.exe
2014-03-23 16:25 - 2011-11-07 12:45 - 01699847 _____ () C:\Windows\WindowsUpdate.log
2014-03-23 16:17 - 2012-01-13 13:37 - 00003448 _____ () C:\Windows\System32\Tasks\PCDEventLauncher
2014-03-23 16:15 - 2012-01-13 13:37 - 00004256 _____ () C:\Windows\System32\Tasks\PCDoctorBackgroundMonitorTask
2014-03-23 16:15 - 2012-01-13 13:37 - 00000528 _____ () C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job
2014-03-23 16:09 - 2014-03-14 19:51 - 00003094 _____ () C:\Windows\Tasks\addplushd-chromeinstaller.job
2014-03-23 16:09 - 2014-03-14 19:51 - 00002312 _____ () C:\Windows\Tasks\addplushd-firefoxinstaller.job
2014-03-23 16:09 - 2014-03-14 19:51 - 00001506 _____ () C:\Windows\Tasks\addplushd-updater.job
2014-03-23 16:09 - 2014-03-14 19:51 - 00001460 _____ () C:\Windows\Tasks\addplushd-codedownloader.job
2014-03-23 16:09 - 2014-03-14 19:51 - 00001360 _____ () C:\Windows\Tasks\addplushd-enabler.job
2014-03-23 16:09 - 2012-11-11 19:14 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-03-19 18:46 - 2012-01-22 15:50 - 00000268 _____ () C:\Windows\Brownie.ini
2014-03-19 18:05 - 2009-07-14 05:45 - 00024400 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-03-19 18:05 - 2009-07-14 05:45 - 00024400 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-03-19 17:50 - 2012-01-13 13:37 - 00003516 _____ () C:\Windows\System32\Tasks\SystemToolsDailyTest
2014-03-19 03:08 - 2014-03-14 19:51 - 00000000 ____D () C:\Program Files (x86)\addplushd
2014-03-19 03:05 - 2013-07-19 10:57 - 00000000 ____D () C:\Windows\system32\MRT
2014-03-19 03:01 - 2012-01-13 15:30 - 90015360 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-03-18 22:24 - 2013-07-16 15:55 - 00000000 ____D () C:\Users\Julia Dahm\.rainlendar2
2014-03-18 22:23 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-03-18 22:22 - 2010-11-21 04:47 - 00940826 _____ () C:\Windows\PFRO.log
2014-03-18 22:22 - 2009-07-14 05:51 - 00070434 _____ () C:\Windows\setupact.log
2014-03-18 18:02 - 2014-03-18 18:02 - 00001124 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-03-18 18:02 - 2014-03-18 18:02 - 00000000 ____D () C:\Users\Julia Dahm\AppData\Roaming\Malwarebytes
2014-03-18 18:02 - 2014-03-18 18:02 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-03-18 18:02 - 2014-03-18 18:02 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-03-18 17:47 - 2014-03-18 17:47 - 00118784 _____ () C:\Windows\system32\AutiFWWizFwk.exe
2014-03-18 17:47 - 2014-03-18 17:47 - 00012800 _____ () C:\ProgramData\dlprotect.exe
2014-03-18 17:47 - 2014-03-18 17:47 - 00000000 ____D () C:\Users\Julia Dahm\AppData\Roaming\SUPERAntiSpyware.com
2014-03-18 17:47 - 2014-03-14 19:51 - 00004536 _____ () C:\Windows\System32\Tasks\addplushd-updater
2014-03-18 17:47 - 2014-03-14 19:51 - 00004490 _____ () C:\Windows\System32\Tasks\addplushd-codedownloader
2014-03-18 17:47 - 2014-03-14 19:51 - 00004390 _____ () C:\Windows\System32\Tasks\addplushd-enabler
2014-03-18 17:47 - 2014-03-14 19:38 - 00000000 ____D () C:\Users\Julia Dahm\AppData\Local\DownloadGuide
2014-03-18 13:04 - 2011-11-07 21:26 - 00700118 _____ () C:\Windows\system32\perfh007.dat
2014-03-18 13:04 - 2011-11-07 21:26 - 00149968 _____ () C:\Windows\system32\perfc007.dat
2014-03-18 13:04 - 2009-07-14 06:13 - 01622228 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-03-17 16:28 - 2009-07-14 05:45 - 02427096 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-03-17 16:26 - 2012-05-15 02:01 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-03-17 16:26 - 2012-05-15 02:01 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-03-17 12:20 - 2012-02-25 13:29 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-03-14 19:54 - 2011-11-07 12:50 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-03-14 19:52 - 2012-02-12 17:46 - 00000000 ____D () C:\Users\Julia Dahm\AppData\Local\CrashDumps
2014-03-12 21:42 - 2014-03-12 21:42 - 05777288 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2014-03-12 21:42 - 2012-11-11 19:14 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-03-12 21:42 - 2012-04-03 20:54 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-03-12 21:42 - 2012-04-03 20:54 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-03-12 16:30 - 2011-03-01 18:57 - 00000000 ____D () C:\Users\Julia Dahm\AppData\Roaming\vlc
2014-03-06 03:01 - 2013-02-17 09:48 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-03-06 03:01 - 2012-01-14 13:40 - 00000000 ____D () C:\ProgramData\Skype
2014-03-05 15:21 - 2011-11-07 12:56 - 01596508 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-03-01 07:05 - 2014-03-12 16:46 - 23133696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-03-01 06:17 - 2014-03-12 16:46 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-03-01 06:16 - 2014-03-12 16:46 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-03-01 05:58 - 2014-03-12 16:46 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-03-01 05:52 - 2014-03-12 16:46 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-03-01 05:51 - 2014-03-12 16:46 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-03-01 05:42 - 2014-03-12 16:46 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-03-01 05:40 - 2014-03-12 16:46 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-03-01 05:37 - 2014-03-12 16:46 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-03-01 05:33 - 2014-03-12 16:46 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-03-01 05:33 - 2014-03-12 16:46 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-03-01 05:32 - 2014-03-12 16:46 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-03-01 05:30 - 2014-03-12 16:46 - 17074688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-03-01 05:23 - 2014-03-12 16:46 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-03-01 05:17 - 2014-03-12 16:46 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-03-01 05:11 - 2014-03-12 16:46 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-03-01 05:02 - 2014-03-12 16:46 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-03-01 04:54 - 2014-03-12 16:46 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-03-01 04:52 - 2014-03-12 16:46 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-03-01 04:51 - 2014-03-12 16:46 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-03-01 04:47 - 2014-03-12 16:46 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-03-01 04:43 - 2014-03-12 16:46 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-03-01 04:43 - 2014-03-12 16:46 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-03-01 04:42 - 2014-03-12 16:46 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-03-01 04:40 - 2014-03-12 16:46 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-03-01 04:38 - 2014-03-12 16:46 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-03-01 04:37 - 2014-03-12 16:46 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-03-01 04:35 - 2014-03-12 16:46 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-03-01 04:18 - 2014-03-12 16:46 - 13051904 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-03-01 04:16 - 2014-03-12 16:46 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-03-01 04:14 - 2014-03-12 16:46 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-03-01 04:10 - 2014-03-12 16:46 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-03-01 04:03 - 2014-03-12 16:46 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-03-01 04:00 - 2014-03-12 16:46 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-03-01 03:57 - 2014-03-12 16:46 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-03-01 03:38 - 2014-03-12 16:46 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-03-01 03:32 - 2014-03-12 16:46 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-03-01 03:27 - 2014-03-12 16:46 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-03-01 03:25 - 2014-03-12 16:46 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-03-01 03:25 - 2014-03-12 16:46 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-02-26 14:55 - 2014-02-26 14:55 - 00913360 _____ () C:\Windows\Minidump\022614-19375-01.dmp
2014-02-26 14:55 - 2012-08-31 16:27 - 551312836 _____ () C:\Windows\MEMORY.DMP
2014-02-26 14:55 - 2012-08-31 16:27 - 00000000 ____D () C:\Windows\Minidump

Files to move or delete:
====================
C:\ProgramData\dlprotect.exe
C:\Users\Julia Dahm\ntuser (1).dat


Some content of TEMP:
====================
C:\Users\Julia Dahm\AppData\Local\Temp\AskSLib.dll
C:\Users\Julia Dahm\AppData\Local\Temp\avgnt.exe
C:\Users\Julia Dahm\AppData\Local\Temp\conduitinstaller.exe
C:\Users\Julia Dahm\AppData\Local\Temp\contentDATs.exe
C:\Users\Julia Dahm\AppData\Local\Temp\ffunzip.exe
C:\Users\Julia Dahm\AppData\Local\Temp\finvap.exe
C:\Users\Julia Dahm\AppData\Local\Temp\firefoxjre_exe-1.exe
C:\Users\Julia Dahm\AppData\Local\Temp\firefoxjre_exe.exe
C:\Users\Julia Dahm\AppData\Local\Temp\FP_PL_PFS_INSTALLER_32bit-1.exe
C:\Users\Julia Dahm\AppData\Local\Temp\FP_PL_PFS_INSTALLER_32bit.exe
C:\Users\Julia Dahm\AppData\Local\Temp\jre-6u15-windows-i586-iftw.exe
C:\Users\Julia Dahm\AppData\Local\Temp\jre-6u23-windows-i586-iftw-rv.exe
C:\Users\Julia Dahm\AppData\Local\Temp\jre-6u24-windows-i586-iftw-rv.exe
C:\Users\Julia Dahm\AppData\Local\Temp\jre-6u30-windows-i586-iftw-rv.exe
C:\Users\Julia Dahm\AppData\Local\Temp\jre-7u11-windows-i586-iftw.exe
C:\Users\Julia Dahm\AppData\Local\Temp\jre-7u13-windows-i586-iftw.exe
C:\Users\Julia Dahm\AppData\Local\Temp\jre-7u21-windows-i586-iftw.exe
C:\Users\Julia Dahm\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
C:\Users\Julia Dahm\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe
C:\Users\Julia Dahm\AppData\Local\Temp\jre-7u7-windows-i586-iftw.exe
C:\Users\Julia Dahm\AppData\Local\Temp\jre-7u9-windows-i586-iftw.exe
C:\Users\Julia Dahm\AppData\Local\Temp\SecurityScan_Release.exe
C:\Users\Julia Dahm\AppData\Local\Temp\SkypeSetup (1).exe
C:\Users\Julia Dahm\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Julia Dahm\AppData\Local\Temp\Uninstall.exe
C:\Users\Julia Dahm\AppData\Local\Temp\vlc-2.0.5-win32.exe
C:\Users\Julia Dahm\AppData\Local\Temp\vlc-2.0.6-win32.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-03-10 17:03

==================== End Of Log ============================
--- --- ---

--- --- ---
FRST Additions Logfile:
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13-03-2014
Ran by Julia Dahm at 2014-03-23 16:32:11
Running from C:\Users\Julia Dahm\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: ZoneAlarm Free Firewall Firewall (Enabled) {E6380B7E-D4B2-19F1-083E-56486607704B}

==================== Installed Programs ======================

ACD/Labs Software in C:\ACDFREE12\ (HKLM-x32\...\ACDLabs in C__ACDFREE12_) (Version: v12.00, FREE - ACD/Labs)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.2.0.2070 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 3.2.0.2070 - Adobe Systems Incorporated) Hidden
Adobe Download Assistant (HKLM-x32\...\com.adobe.downloadassistant.AdobeDownloadAssistant) (Version: 1.0.6 - Adobe Systems Incorporated)
Adobe Download Assistant (x32 Version: 1.0.6 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 12 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 12.0.0.77 - Adobe Systems Incorporated)
Adobe Flash Player 12 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 12.0.0.77 - Adobe Systems Incorporated)
Adobe Reader X (10.1.9) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AA1000000001}) (Version: 10.1.9 - Adobe Systems Incorporated)
Adobe Shockwave Player (HKLM-x32\...\{A7DB362E-16DC-4E29-8A34-E74381E00B5B}) (Version: 10.1.4.020 - Adobe Systems, Inc.)
Anzeige am Bildschirm (HKLM\...\OnScreenDisplay) (Version: 6.60.00 - )
Apple Software Update (HKLM-x32\...\{A260B422-70E1-41E2-957D-F76FA21266D5}) (Version: 1.1.0.3 - Apple Computer, Inc.)
Ask Toolbar (HKLM-x32\...\{86D4B82A-ABED-442A-BE86-96357B70F4FE}) (Version: 1.14.1.0 - Ask.com) <==== ATTENTION
Auslogics Duplicate File Finder (HKLM-x32\...\{6845255F-15CC-4DD1-94D5-D38F370118B3}_is1) (Version: 2.5 - Auslogics Software Pty Ltd)
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.3.350 - Avira)
Avira SearchFree Toolbar plus Web Protection Updater (HKCU\...\{79A765E1-C399-405B-85AF-466F52E918B0}) (Version: 1.2.0.20064 - Ask.com) <==== ATTENTION
BisonCam Twain Pro (HKLM-x32\...\{F2672232-FF17-4DC9-8F24-A1E1829FE086}) (Version: 1.5.4.7 - Bison WebCam Ap)
Broadcom InConcert Maestro (HKLM\...\{57DD35E9-D9BB-4089-BB05-EF933C586CB3}) (Version: 1.0.1.2200 - Broadcom Corporation)
Brother HL-2035 (HKLM-x32\...\{FF7159B1-7ACC-4FC3-B6DF-0F94C7CC5512}) (Version: 1.00 - Brother)
Burn.Now 4.5 (x32 Version: 4.5.0 - Corel Corporation) Hidden
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.32.27.0 - Conexant)
Corel Burn.Now Lenovo Edition (HKLM-x32\...\InstallShield_{A3BE3F1E-2472-4211-8735-E8239BE49D9F}) (Version: 4.5.0 - Corel Corporation)
Corel DVD MovieFactory 7 (x32 Version: 7.0.0 - Corel Corporation) Hidden
Corel DVD MovieFactory Lenovo Edition (HKLM-x32\...\InstallShield_{50F68032-B5B7-4513-9116-C978DBD8F27A}) (Version: 7.0.0 - Corel Corporation)
Corel WinDVD (HKLM-x32\...\{5C1F18D2-F6B7-4242-B803-B5A78648185D}) (Version: 10.0.5.828 - Corel Inc.)
Create Recovery Media (HKLM-x32\...\{50DC5136-21E8-48BC-97E5-1AD055F6B0B6}) (Version: 1.20.0.00 - Lenovo Group Limited)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{92C42EDD-6524-4577-B2EB-6C68C63B6D4A}) (Version:  - Microsoft)
D-GISS Demoversion 2011-2012 (HKLM-x32\...\{1205A7D3-7A80-48C6-86C1-9FE669DDE7B9}) (Version: 16.0 - Universum Verlag GmbH, Wiesbaden)
Direct DiscRecorder (x32 Version: 1.00.0000 - Corel Corporation) Hidden
Elevated Installer (x32 Version: 2.1.13 - Garmin Ltd or its subsidiaries) Hidden
Evernote v. 4.2.3 (HKLM-x32\...\{F761359C-9CED-45AE-9A51-9D6605CD55C4}) (Version: 4.2.3.15 - Evernote Corp.)
Free YouTube Download version 3.1.42.1212 (HKLM-x32\...\Free YouTube Download_is1) (Version: 3.1.42.1212 - DVDVideoSoft Ltd.)
Garmin Express (HKLM-x32\...\{e47a5c85-88a2-47d2-b380-fc2e763c2e6d}) (Version: 2.1.13 - Garmin Ltd or its subsidiaries)
Garmin Express (x32 Version: 2.1.13 - Garmin Ltd or its subsidiaries) Hidden
Garmin Express Tray (x32 Version: 2.1.13 - Garmin Ltd or its subsidiaries) Hidden
Garmin Update Service (x32 Version: 2.1.13 - Garmin Ltd or its subsidiaries) Hidden
Integrated Camera Driver Installer Package Ver.1.1.0.1147 (HKLM-x32\...\{B2CA6F37-1602-4823-81B5-0384B6888AA6}) (Version: 1.1.0.1147 - RICOH)
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2476 - Intel Corporation)
Java 7 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.450 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Java(TM) 6 Update 5 (HKLM-x32\...\{3248F0A8-6813-11D6-A77B-00B0D0160050}) (Version: 1.6.0.50 - Sun Microsystems, Inc.)
JavaFX 2.1.1 (HKLM-x32\...\{1111706F-666A-4037-7777-211328764D10}) (Version: 2.1.1 - Oracle Corporation)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Lenovo Auto Scroll Utility (HKLM\...\LenovoAutoScrollUtility) (Version: 1.10 - )
Lenovo Patch Utility (HKLM-x32\...\{24E92E7A-6848-4747-A3EA-3AAC0576BE52}) (Version: 1.0.1.1 - Lenovo Group Limited)
Lenovo Patch Utility 64 bit (HKLM\...\{39A04221-294E-4D90-A0F2-CCB1EF15CB56}) (Version: 1.2.0.1 - Lenovo Group Limited)
Lenovo Registration (HKLM-x32\...\{6707C034-ED6B-4B6A-B21F-969B3606FBDE}) (Version: 1.0.4 - Lenovo Inc.)
Lenovo SimpleTap (HKLM\...\{39969C3E-B297-41E5-9A7B-E252B504B21B}) (Version: 2.1.0003.00 - Lenovo Group Limited)
Lenovo System Interface Driver (HKLM\...\LENOVO.SMIIF) (Version: 1.05 - )
Lenovo ThinkVantage Toolbox (HKLM\...\PC-Doctor for Windows) (Version: 6.0.5849.23 - PC-Doctor, Inc.)
Lenovo User Guide (HKLM-x32\...\{13F59938-C595-479C-B479-F171AB9AF64F}) (Version: 1.0.0008.00 - Ihr Firmenname)
Lenovo Warranty Information (HKLM-x32\...\{FD4EC278-C1B1-4496-99ED-C0BE1B0AA521}) (Version: 1.0.0005.00 - Lenovo)
Lenovo Welcome (HKLM-x32\...\Lenovo Welcome_is1) (Version: 3.00.006.0 - Lenovo)
Malwarebytes Anti-Malware Version 1.75.0.1300 (HKLM-x32\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Message Center Plus (HKLM-x32\...\{FD331A3B-F7A5-4C31-B8D4-DF413C85AF7A}) (Version: 2.0.0012.00 - Lenovo Group Limited)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Access MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Klick-und-Los 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Klick-und-Los 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Starter 2010 - Deutsch (HKLM-x32\...\{90140011-0066-0407-0000-0000000FF1CE}) (Version: 14.0.5128.5002 - Microsoft Corporation)
Microsoft Office Word MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
MozBackup 1.5.1 (HKLM-x32\...\MozBackup) (Version:  - Pavel Cvrcek)
Mozilla Firefox 27.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 27.0.1 (x86 de)) (Version: 27.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 27.0.1 - Mozilla)
Mozilla Thunderbird 24.3.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 24.3.0 (x86 de)) (Version: 24.3.0 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Pfadfinder 2.0 (HKLM-x32\...\{F0AF5265-0E76-4AC0-AE45-ACA6428D5EDA}) (Version: 0.09.0020 - Bildungshaus Schulbuchverlage Westermann Schroedel Diesterweg Schöningh Winklers GmbH)
QuickTime (HKLM-x32\...\{5E863175-E85D-44A6-8968-82507D34AE7F}) (Version: 7.1.5.120 - Apple Computer, Inc.)
Rainlendar2 (remove only) (HKLM-x32\...\Rainlendar2) (Version:  - )
RapidBoot (HKLM\...\{5E2652DF-743F-482B-A593-C95F431A5769}) (Version: 1.11 - Lenovo)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.37.1229.2010 - Realtek)
Registry Patch to Enable Maximum Power Saving on WiFi Adapters for Windows 7 (HKLM\...\EnablePS) (Version: 1.00 - )
RICOH_Media_Driver_v2.14.18.01 (HKLM-x32\...\{FE041B02-234C-4AAA-9511-80DF6482A458}) (Version: 2.14.18.01 - RICOH)
Rund um (2.0) ... Erlebnis Biologie 1 RS (HKLM-x32\...\{6C8B81E3-0C01-4E49-A62E-B46C96D8C148}) (Version: 1.00.0000 - Bildungshaus Schulbuchverlage Westermann Schroedel Diesterweg Schöningh Winklers GmbH)
Rund um ... Biologie heute entdecken S II (Teil 1) (HKLM-x32\...\{CC533A99-A0E1-4D92-9E8C-EDFE4C3E8F42}) (Version: 1.00.0000 - Bildungshaus Schulbuchverlage Westermann Schroedel Diesterweg Schöningh Winklers GmbH)
Rund um ... Chemie heute SI (Teil 1) (HKLM-x32\...\{99DBFE8E-8143-4311-816B-AC3FE200B933}) (Version: 1.00.0000 - Bildungshaus Schulbuchverlage Westermann Schroedel Diesterweg Schöningh Winklers GmbH)
Rund um ... Chemie heute SI (Teil 2) (HKLM-x32\...\{EA56E55B-707F-442F-9F0E-BCBF8B0329A3}) (Version: 1.00.0000 - Bildungshaus Schulbuchverlage Westermann Schroedel Diesterweg Schöningh Winklers GmbH)
Rund um ... Linder Biologie Schwerpunktmaterialien (HKLM-x32\...\{1713DB42-2DFF-4566-9356-B6A8ED60D3DF}) (Version: 1.00.0000 - Bildungshaus Schulbuchverlage Westermann Schroedel Diesterweg Schöningh Winklers GmbH)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (x32 Version:  - Microsoft) Hidden
Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
StreamTransport version: 1.0.2.2171 (HKLM-x32\...\{FA0BBB87-91A1-4BFD-9005-EB058BBA0E14}_is1) (Version:  - )
System Update (HKLM-x32\...\{25C64847-B900-48AD-A164-1B4F9B774650}) (Version: 4.01.0015 - Lenovo)
ThinkPad Bluetooth with Enhanced Data Rate Software (HKLM\...\{C6C9D5F7-630C-4125-8C4E-94AF77C1896E}) (Version: 6.4.0.2200 - Broadcom Corporation)
ThinkPad Energie-Manager (HKLM-x32\...\{DAC01CEE-5BAE-42D5-81FC-B687E84E8405}) (Version: 3.63 - )
ThinkPad Power Management Driver (HKLM\...\Power Management Driver) (Version: 1.64.00.00 - )
ThinkPad UltraNav Driver (HKLM\...\SynTPDeinstKey) (Version: 15.3.8.0 - )
ThinkPad Wireless LAN Adapter Software (HKLM-x32\...\{9D3D2C60-A55F-4fed-B2B9-17311226DF01}) (Version: 1.00.0029.8 - REALTEK Semiconductor Corp.)
ThinkVantage AutoLock (HKLM\...\{E224B44B-B5EB-4af3-A80A-A255358E241A}_is1) (Version: 1.03 - Lenovo)
ThinkVantage Communications Utility (HKLM\...\{88C6A6D9-324C-46E8-BA87-563D14021442}_is1) (Version: 2.07 - Lenovo)
ThinkVantage System für aktiven Festplattenschutz (HKLM\...\{46A84694-59EC-48F0-964C-7E76E9F8A2ED}) (Version: 1.75 - Lenovo)
Total Commander 64-bit (Remove or Repair) (HKLM\...\Totalcmd64) (Version: 8.01 - Ghisler Software GmbH)
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{B4A38370-2ADB-46B0-A1B0-0C4A2F7DCA31}) (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2837594) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{D3C85176-ACCC-4AF0-817D-1BC803303B74}) (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2837594) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{D3C85176-ACCC-4AF0-817D-1BC803303B74}) (Version:  - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{4EEA3D3E-989C-4DF4-AB0A-3042C0C12AA3}) (Version:  - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817396) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{39767ECA-1731-45DB-AB5B-6BF40E151D66}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DADF7E25-FFA4-4D02-BE84-1DAE62C18516}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{287A1E92-9E41-4BC1-8920-B3D0E9220800}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{9D69691D-823D-4C3E-9B12-563A3F520366}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{35698CB7-AAA2-4577-B505-DBFF504AEF23}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{5AA578BB-759C-40FD-9661-A737C0884541}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{BA610006-2C39-4419-9834-CF61AB24810A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{C70D2038-A2C4-4A99-87DE-5272BB44F0CE}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM-x32\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUSR_{82F87E28-B18E-46D6-A399-E2F19CF5949B}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2863818) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{83B1B530-7D9E-4C6A-907F-E979CEE9C295}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2878225) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{EFF5EBA3-40AD-4859-85E7-3C1CF4F297EB}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-001A-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{A0657506-69DC-44AE-8DC1-58E7C6F5B1C9}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{2AB483F1-C86E-427A-83B4-23889B03512D}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2553145) 32-Bit Edition (HKLM-x32\...\{90140000-0018-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{81812245-FC84-426A-BC02-6659C88CC7B2}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2775360) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{80F56E3F-1D47-4E45-B6E0-FEF4E919F4F9}) (Version:  - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version:  - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version:  - Microsoft)
Update for Microsoft Visio 2010 (KB2878227) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{5D357893-40BA-4323-86BA-D97C66CD72F4}) (Version:  - Microsoft)
Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{8C55AA83-54C2-4236-A622-78440A411DC5}) (Version:  - Microsoft)
Update for Microsoft Word 2010 (KB2837593) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{E78E2B68-8FD1-42EE-BB74-99A4D9E6222D}) (Version:  - Microsoft)
VC 9.0 Runtime (x32 Version: 1.0.0 - Check Point Software Technologies Ltd) Hidden
VLC media player 2.0.6 (HKLM-x32\...\VLC media player) (Version: 2.0.6 - VideoLAN)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Fotogalerie (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3555.0308 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh ActiveX control for remote connections (HKLM-x32\...\{C5398A89-516C-4DAF-BA07-EE7949090E56}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Messenger (x32 Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows-Treiberpaket - Intel (iaStor) hdc  (11/06/2010 10.1.0.1008) (HKLM\...\73C6BE3E3B6FC5418F2B47E6C75F6C8F9552DC12) (Version: 11/06/2010 10.1.0.1008 - Intel)
Windows-Treiberpaket - Lenovo 1.64.00.00 (07/28/2011 1.64.00.00) (HKLM\...\01E3B64834B04ABAC85D8E1D3EBDC567D83AD29B) (Version: 07/28/2011 1.64.00.00 - Lenovo)
Windows-Treiberpaket - Realtek (RTL8167) Net  (12/29/2010 7.037.1229.2010) (HKLM\...\828B05D2B647CDAEA22493F7BFB96847265EE596) (Version: 12/29/2010 7.037.1229.2010 - Realtek)
Windows-Treiberpaket - Synaptics (SynTP) Mouse  (05/19/2011 15.3.8.0) (HKLM\...\DDD8A532E361E9A878EBEF69C338B306810DF059) (Version: 05/19/2011 15.3.8.0 - Synaptics)
WinRAR 4.11 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 4.11.0 - win.rar GmbH)
YouTube Downloader 3.5 (HKLM-x32\...\{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}) (Version:  - BienneSoft)
ZoneAlarm Firewall (x32 Version: 12.0.104.000 - Check Point Software Technologies Ltd.) Hidden
ZoneAlarm Free Firewall (HKLM-x32\...\ZoneAlarm Free Firewall) (Version: 12.0.104.000 - Check Point)
ZoneAlarm LTD Toolbar (HKLM\...\ZoneAlarm LTD Toolbar) (Version:  - Check Point Software Technologies)
ZoneAlarm Security (x32 Version: 12.0.104.000 - Check Point Software Technologies Ltd.) Hidden
ZoneAlarm Security Toolbar  (x32 Version: 1.8.22.0 - Check Point Software Technologies LTD) Hidden
ZoneAlarm-Sicherheit Toolbar (x32 Version: 6.8.5.1 - ZoneAlarm-Sicherheit) Hidden

==================== Restore Points  =========================

05-03-2014 14:18:33 Windows Update
06-03-2014 02:00:20 Windows Update
11-03-2014 15:18:56 Windows Update
14-03-2014 18:54:07 Entfernt Digitale Schulbücher
17-03-2014 11:14:54 Windows Update
19-03-2014 02:00:16 Windows Update
19-03-2014 17:31:34 Removed Microsoft Silverlight
23-03-2014 15:22:27 Windows Update

==================== Hosts content: ==========================

2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {11651BE7-6325-4801-8568-897911E3F18D} - System32\Tasks\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2007-01-10] (Apple Computer, Inc.)
Task: {1330218A-99CD-4748-AF1A-3FB3E45D51CD} - System32\Tasks\addplushd-updater => C:\Program Files (x86)\addplushd\addplushd-updater.exe
Task: {2CF7C340-6C18-4748-8803-BBDEA64C452D} - System32\Tasks\PMTask => C:\Program Files (x86)\ThinkPad\Utilities\PWMIDTSV.EXE [2011-08-31] (Lenovo Group Limited)
Task: {2F52CF0F-11B3-4D91-9489-038B202A662C} - System32\Tasks\SystemToolsDailyTest => C:\Program Files\PC-Doctor\uaclauncher.exe [2011-06-27] (PC-Doctor, Inc.)
Task: {314013C8-1E15-4388-B335-5F882A5EF42E} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\PC-Doctor\uaclauncher.exe [2011-06-27] (PC-Doctor, Inc.)
Task: {47F62769-595F-4A5F-90C5-2ACB23B78E39} - System32\Tasks\addplushd-codedownloader => C:\Program Files (x86)\addplushd\addplushd-codedownloader.exe [2014-03-18] (hdideo)
Task: {48B1083C-DE54-427F-9EEA-7243526DFCF4} - System32\Tasks\PCDEventLauncher => C:\Program Files\PC-Doctor\sessionchecker.exe [2011-06-27] (PC-Doctor, Inc.)
Task: {5F7D56EA-27EC-470C-92D9-4C8D2CBB10E6} - System32\Tasks\Scheduled Update for Ask Toolbar => C:\Program Files (x86)\Ask.com\UpdateTask.exe [2012-01-04] () <==== ATTENTION
Task: {6F21E079-410E-4BF6-9F06-A9C722914672} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-03-12] (Adobe Systems Incorporated)
Task: {A0674A6E-41FA-4702-B974-499BDEAC7C19} - System32\Tasks\addplushd-chromeinstaller => C:\Program Files (x86)\addplushd\addplushd-chromeinstaller.exe [2014-03-18] (hdideo)
Task: {A398E335-1DA2-4185-A2A0-E4719DF3AEFD} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program => C:\Program Files\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe [2011-09-22] (Lenovo)
Task: {D3BF33D9-B00B-4D3E-A563-66B704913776} - System32\Tasks\MCP => C:\Program Files (x86)\LENOVO\Message Center Plus\MCPLaunch.exe [2009-05-27] ()
Task: {DD4A0791-D60E-413A-96EF-3BD88C1959A9} - System32\Tasks\addplushd-firefoxinstaller => C:\Program Files (x86)\addplushd\addplushd-firefoxinstaller.exe [2014-03-18] (hdideo)
Task: {E94C2043-A243-4E20-9098-4340AEDD7E67} - System32\Tasks\addplushd-enabler => C:\Program Files (x86)\addplushd\addplushd-enabler.exe [2014-03-18] (hdideo) <==== ATTENTION
Task: {F443B87D-D5FB-455B-9A25-114B6C769F85} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: C:\Windows\Tasks\addplushd-chromeinstaller.job => C:\Program Files (x86)\addplushd\addplushd-chromeinstaller.exe
Task: C:\Windows\Tasks\addplushd-codedownloader.job => C:\Program Files (x86)\addplushd\addplushd-codedownloader.exe
Task: C:\Windows\Tasks\addplushd-enabler.job => C:\Program Files (x86)\addplushd\addplushd-enabler.exe <==== ATTENTION
Task: C:\Windows\Tasks\addplushd-firefoxinstaller.job => C:\Program Files (x86)\addplushd\addplushd-firefoxinstaller.exe
Task: C:\Windows\Tasks\addplushd-updater.job => C:\Program Files (x86)\addplushd\addplushd-updater.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job => C:\Program Files\PC-Doctor\uaclauncher.exe
Task: C:\Windows\Tasks\SystemToolsDailyTest.job => C:\Program Files\PC-Doctor\uaclauncher.exe

==================== Loaded Modules (whitelisted) =============

2013-09-05 00:17 - 2013-09-05 00:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2011-11-07 13:06 - 2011-08-31 19:03 - 00055808 ____N () C:\Program Files (x86)\ThinkPad\Utilities\GR\PWMRT64V.DLL
2014-03-18 17:47 - 2014-03-18 17:47 - 00118784 _____ () C:\Windows\system32\AutiFWWizFwk.exe
2011-11-07 21:21 - 2011-05-19 13:04 - 00057640 _____ () C:\Program Files\Synaptics\SynTP\SynTPEnhPS.dll
2011-11-07 13:02 - 2010-10-26 04:40 - 00049056 ____N () C:\Program Files\CONEXANT\ForteConfig\fmapp.exe
2011-11-07 13:03 - 2011-08-19 06:20 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2013-03-10 18:58 - 2013-03-10 18:58 - 02598496 _____ () C:\Program Files (x86)\Rainlendar2\Rainlendar2.exe
2014-03-18 17:47 - 2014-03-18 17:47 - 00012800 _____ () C:\ProgramData\dlprotect.exe
2011-06-27 16:06 - 2011-06-27 16:06 - 00502352 _____ () C:\Program Files\PC-Doctor\libAsapiCSharp.dll
2011-06-27 16:06 - 2011-06-27 16:06 - 00100944 _____ () C:\Program Files\PC-Doctor\libCSharpCommonCS.dll
2011-06-27 16:06 - 2011-06-27 16:06 - 00018512 _____ () C:\Program Files\PC-Doctor\libGapiCSharp.dll
2011-06-27 16:06 - 2011-06-27 16:06 - 00029264 _____ () C:\Program Files\PC-Doctor\libDataStoreCSharp.dll
2011-06-27 16:06 - 2011-06-27 16:06 - 00092752 _____ () C:\Program Files\PC-Doctor\libTonopahClientCSharp.dll
2011-06-27 16:06 - 2011-06-27 16:06 - 00031824 _____ () C:\Program Files\PC-Doctor\pcdcsharpcommon.dll
2013-03-28 10:01 - 2013-03-28 09:54 - 00397704 _____ () C:\Program Files (x86)\Avira\AntiVir Desktop\sqlite3.dll
2011-11-07 13:07 - 2010-04-06 09:05 - 02085888 _____ () C:\Program Files\Lenovo\AutoLock\cv210.dll
2011-11-07 13:07 - 2010-04-06 09:04 - 02201088 _____ () C:\Program Files\Lenovo\AutoLock\cxcore210.dll
2012-05-16 20:01 - 2012-05-16 20:01 - 00140800 _____ () C:\Program Files (x86)\Rainlendar2\lua52.dll
2013-03-10 18:59 - 2013-03-10 18:59 - 00215648 _____ () C:\Program Files (x86)\Rainlendar2\plugins\iCalendarPlugin.dll
2012-06-17 14:22 - 2012-06-17 14:22 - 00012800 _____ () C:\Program Files (x86)\Rainlendar2\lfs.dll
2014-02-14 17:40 - 2014-02-14 17:40 - 03578992 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2013-09-05 00:14 - 2013-09-05 00:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2014-03-12 21:42 - 2014-03-12 21:42 - 16276872 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vsmon => ""="Service"

==================== Disabled items from MSCONFIG ==============


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (03/23/2014 04:22:50 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".


Details:
AddLegacyDriverFiles: Unable to back up image of binary SASKUTIL.

System Error:
Das System kann die angegebene Datei nicht finden.
.

Error: (03/23/2014 04:18:26 PM) (Source: PC-Doctor) (User: )
Description: (9300) Asapi: (16:18:26:5430)(9300) engine.EngineLink - Error -- 81 Invalid connection to client

Error: (03/23/2014 04:09:26 PM) (Source: CVHSVC) (User: )
Description: Nur zur Information.
(Patch task for {90140011-0066-0407-0000-0000000FF1CE}): DownloadLatest Failed: Zurzeit sind keine aktiven Netzwerkverbindungen verfügbar. Der Vorgang wird von BITS wiederholt, sobald der Adapter über eine Verbindung verfügt.

Error: (03/19/2014 05:50:55 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "assemblyIdentity1". Fehler in Manifest- oder Richtliniendatei "assemblyIdentity2" in Zeile assemblyIdentity3.
Das erforderliche "version"-Attribut fehlt im assemblyIdentity-Element.

Error: (03/19/2014 05:50:37 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "assemblyIdentity1". Fehler in Manifest- oder Richtliniendatei "assemblyIdentity2" in Zeile assemblyIdentity3.
Das erforderliche "version"-Attribut fehlt im assemblyIdentity-Element.

Error: (03/19/2014 02:11:13 AM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "assemblyIdentity1". Fehler in Manifest- oder Richtliniendatei "assemblyIdentity2" in Zeile assemblyIdentity3.
Der Wert "*" des "language"-Attributs im assemblyIdentity-Element ist ungültig.

Error: (03/19/2014 02:08:39 AM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "assemblyIdentity1". Fehler in Manifest- oder Richtliniendatei "assemblyIdentity2" in Zeile assemblyIdentity3.
Das erforderliche "version"-Attribut fehlt im assemblyIdentity-Element.

Error: (03/19/2014 02:08:38 AM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "assemblyIdentity1". Fehler in Manifest- oder Richtliniendatei "assemblyIdentity2" in Zeile assemblyIdentity3.
Das erforderliche "version"-Attribut fehlt im assemblyIdentity-Element.

Error: (03/19/2014 02:08:35 AM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "assemblyIdentity1". Fehler in Manifest- oder Richtliniendatei "assemblyIdentity2" in Zeile assemblyIdentity3.
Das erforderliche "version"-Attribut fehlt im assemblyIdentity-Element.

Error: (03/19/2014 02:08:35 AM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "assemblyIdentity1". Fehler in Manifest- oder Richtliniendatei "assemblyIdentity2" in Zeile assemblyIdentity3.
Das erforderliche "version"-Attribut fehlt im assemblyIdentity-Element.


System errors:
=============
Error: (03/18/2014 09:39:58 PM) (Source: bowser) (User: )
Description: Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "MARCUSDAHM",
der der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{A714CD65-7E70-4CBC-BF2D-C60F2C205EE5}-Transport zu sein scheint.
Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen.

Error: (03/17/2014 04:26:06 PM) (Source: DCOM) (User: )
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}

Error: (03/17/2014 01:12:40 PM) (Source: Disk) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR4 gefunden.

Error: (03/17/2014 01:12:40 PM) (Source: Disk) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR4 gefunden.

Error: (03/17/2014 01:12:39 PM) (Source: Disk) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR4 gefunden.

Error: (03/17/2014 01:12:39 PM) (Source: Disk) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR4 gefunden.

Error: (03/16/2014 08:01:58 PM) (Source: DCOM) (User: )
Description: {51FA2736-5DEE-11D4-98E8-006008BF430C}

Error: (03/14/2014 07:45:27 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "BUP Service" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren.

Error: (03/12/2014 04:31:27 PM) (Source: bowser) (User: )
Description: Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "MARCUSDAHM",
der der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{A714CD65-7E70-4CBC-BF2D-C60F2C205EE5}-Transport zu sein scheint.
Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen.

Error: (03/12/2014 04:31:27 PM) (Source: NetBT) (User: )
Description: Ein doppelter Name wurde im TCP-Netzwerk entdeckt. Die IP-Adresse des Computers,
der die Meldung gesendet hat, steht in den Daten. Verwenden Sie NBTSTAT -n an
der Eingabeaufforderung, um den doppelten Namen zu bestimmen.


Microsoft Office Sessions:
=========================
Error: (03/23/2014 04:34:03 PM) (Source: PC-Doctor)(User: )
Description: (9300) Asapi: (16:34:03:6910)(9300) S3LogPusherPlugin.Helper - Error -- 334 Unable to storage the test log to medium

Error: (03/23/2014 04:22:50 PM) (Source: Microsoft-Windows-CAPI2)(User: )
Description:
Details:
AddLegacyDriverFiles: Unable to back up image of binary SASKUTIL.

System Error:
Das System kann die angegebene Datei nicht finden.

Error: (03/23/2014 04:18:26 PM) (Source: PC-Doctor)(User: )
Description: (9300) Asapi: (16:18:26:5430)(9300) engine.EngineLink - Error -- 81 Invalid connection to client

Error: (03/23/2014 04:09:26 PM) (Source: CVHSVC)(User: )
Description: (Patch task for {90140011-0066-0407-0000-0000000FF1CE}): DownloadLatest Failed: Zurzeit sind keine aktiven Netzwerkverbindungen verfügbar. Der Vorgang wird von BITS wiederholt, sobald der Adapter über eine Verbindung verfügt.

Error: (03/19/2014 05:50:55 PM) (Source: SideBySide)(User: )
Description: assemblyIdentityversionC:\Program Files (x86)\Apple Software Update\Plugins\MSIInstallPlugin.dll.ManifestC:\Program Files (x86)\Apple Software Update\Plugins\MSIInstallPlugin.dll.Manifest2

Error: (03/19/2014 05:50:37 PM) (Source: SideBySide)(User: )
Description: assemblyIdentityversionC:\Program Files (x86)\Apple Software Update\Plugins\EXEInstallPlugin.dll.ManifestC:\Program Files (x86)\Apple Software Update\Plugins\EXEInstallPlugin.dll.Manifest2

Error: (03/19/2014 02:11:13 AM) (Source: SideBySide)(User: )
Description: assemblyIdentitylanguage*c:\program files (x86)\die hochzeitsdrucker\delzip179.dllc:\program files (x86)\die hochzeitsdrucker\delzip179.dll8

Error: (03/19/2014 02:08:39 AM) (Source: SideBySide)(User: )
Description: assemblyIdentityversionC:\Program Files (x86)\Apple Software Update\SoftwareUpdateFiles.Resources\ru.lproj\SoftwareUpdateFilesLocalized.dll.ManifestC:\Program Files (x86)\Apple Software Update\SoftwareUpdateFiles.Resources\ru.lproj\SoftwareUpdateFilesLocalized.dll.Manifest2

Error: (03/19/2014 02:08:38 AM) (Source: SideBySide)(User: )
Description: assemblyIdentityversionC:\Program Files (x86)\Apple Software Update\SoftwareUpdateFiles.Resources\es.lproj\SoftwareUpdateFilesLocalized.dll.ManifestC:\Program Files (x86)\Apple Software Update\SoftwareUpdateFiles.Resources\es.lproj\SoftwareUpdateFilesLocalized.dll.Manifest2

Error: (03/19/2014 02:08:35 AM) (Source: SideBySide)(User: )
Description: assemblyIdentityversionC:\Program Files (x86)\Apple Software Update\SoftwareUpdateFiles.Resources\ja.lproj\SoftwareUpdateFilesLocalized.dll.ManifestC:\Program Files (x86)\Apple Software Update\SoftwareUpdateFiles.Resources\ja.lproj\SoftwareUpdateFilesLocalized.dll.Manifest2


CodeIntegrity Errors:
===================================
  Date: 2013-08-28 18:07:34.062
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-08-28 18:00:28.321
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-08-28 08:54:55.908
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-08-28 00:49:55.521
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-08-27 20:12:31.614
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-08-27 15:21:33.056
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-08-27 15:03:55.860
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-08-27 14:01:40.999
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-08-27 09:46:08.654
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-08-26 18:44:43.991
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.


==================== Memory info ===========================

Percentage of memory in use: 56%
Total physical RAM: 4007.23 MB
Available physical RAM: 1730.06 MB
Total Pagefile: 8012.65 MB
Available Pagefile: 4822.16 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: (Windows7_OS) (Fixed) (Total:452.58 GB) (Free:361.46 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive q: (Lenovo_Recovery) (Fixed) (Total:11.72 GB) (Free:2.42 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 466 GB) (Disk ID: 2A6CC550)
Partition 1: (Active) - (Size=1 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=453 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=12 GB) - (Type=07 NTFS)

==================== End Of Log ============================
--- --- ---

schrauber 23.03.2014 18:40
hi,

Revo Uninstaller - Download - Filepony
Damit alles deinstallieren was Du in der Additional.txt findest mit dem Zusatz <== ATTENTION

Mit Revo auch Moderat die Reste entfernen lassen.


Downloade Dir bitte Malwarebytes Anti-Malware
  • Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
  • Starte Malwarebytes' Anti-Malware (MBAM).
  • Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
  • Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
  • Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
  • Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
  • Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
  • Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.


Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.


und ein frisches FRST log bitte.

jumarci 23.03.2014 22:58
Leider kann ich "addplushd" mit Revo Uninstaller nicht entfernen.

Malwarebytes Anti-Malware 1.75.0.1300
Malwarebytes : Free Anti-Malware

Datenbank Version: v2014.03.23.08

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16521
Julia Dahm :: JULIADAHM-THINK [Administrator]

23.03.2014 19:19:57
MBAM-log-2014-03-23 (22-02-31).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|Q:\|R:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 379085
Laufzeit: 1 Stunde(n), 24 Minute(n), 36 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 3
HKCU\Software\AppDataLow\Software\addplushd (PUP.Optional.AddPusHD.A) -> Keine Aktion durchgeführt.
HKCU\Software\InstalledBrowserExtensions\hdideo (PUP.Optional.CrossRider.A) -> Keine Aktion durchgeführt.
HKLM\Software\addplushd (PUP.Optional.AddPusHD.A) -> Keine Aktion durchgeführt.

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 1
C:\Program Files (x86)\addplushd (PUP.Optional.AddPusHD.A) -> Keine Aktion durchgeführt.

Infizierte Dateien: 14
C:\Program Files (x86)\addplushd\addplushd-bg.exe (PUP.Optional.AddPusHD.A) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\addplushd\addplushd-bho64.dll (PUP.Optional.AddPusHD.A) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\addplushd\addplushd-chromeinstaller.exe (PUP.Optional.AddPusHD.A) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\addplushd\addplushd-codedownloader.exe (PUP.Optional.AddPusHD.A) -> Keine Aktion durchgeführt.
C:\Windows\Tasks\addplushd-chromeinstaller.job (PUP.Optional.AddPusHD.A) -> Keine Aktion durchgeführt.
C:\Windows\Tasks\addplushd-codedownloader.job (PUP.Optional.AddPusHD.A) -> Keine Aktion durchgeführt.
C:\Windows\Tasks\addplushd-enabler.job (PUP.Optional.AddPusHD.A) -> Keine Aktion durchgeführt.
C:\Windows\Tasks\addplushd-firefoxinstaller.job (PUP.Optional.AddPusHD.A) -> Keine Aktion durchgeführt.
C:\Windows\Tasks\addplushd-updater.job (PUP.Optional.AddPusHD.A) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\addplushd\52916.crx (PUP.Optional.AddPusHD.A) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\addplushd\52916.xpi (PUP.Optional.AddPusHD.A) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\addplushd\addplushd.ico (PUP.Optional.AddPusHD.A) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\addplushd\background.html (PUP.Optional.AddPusHD.A) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\addplushd\Installer.log (PUP.Optional.AddPusHD.A) -> Keine Aktion durchgeführt.

(Ende)

AdwCleaner Logfile:
Code:
# AdwCleaner v3.022 - Bericht erstellt am 23/03/2014 um 22:13:37
# Aktualisiert 13/03/2014 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzername : Julia Dahm - JULIADAHM-THINK
# Gestartet von : C:\Users\Julia Dahm\Desktop\adwcleaner.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\ProgramData\Partner
Ordner Gelöscht : C:\Program Files (x86)\Conduit
[x] Nicht Gelöscht : C:\Program Files (x86)\ZoneAlarm-Sicherheit
[x] Nicht Gelöscht : C:\Program Files (x86)\Common Files\DVDVideoSoft\TB
Ordner Gelöscht : C:\Users\Julia Dahm\AppData\Local\Conduit
Ordner Gelöscht : C:\Users\Julia Dahm\AppData\Local\DownloadGuide
Ordner Gelöscht : C:\Users\Julia Dahm\AppData\Local\PackageAware
Ordner Gelöscht : C:\Users\JULIAD~1\AppData\Local\Temp\AskSearch
Ordner Gelöscht : C:\Users\Julia Dahm\AppData\LocalLow\Conduit
[x] Nicht Gelöscht : C:\Users\Julia Dahm\AppData\LocalLow\ZoneAlarm-Sicherheit
Ordner Gelöscht : C:\Users\Julia Dahm\AppData\Roaming\CheckPoint\ZoneAlarm LTD Toolbar
Ordner Gelöscht : C:\Users\Julia Dahm\AppData\Roaming\dvdvideosoftiehelpers
Ordner Gelöscht : C:\Users\Julia Dahm\AppData\Roaming\Mozilla\Firefox\Profiles\xyb0mqg2.default\Conduit
Ordner Gelöscht : C:\Users\Julia Dahm\AppData\Roaming\Mozilla\Firefox\Profiles\xyb0mqg2.default\ConduitEngine
Ordner Gelöscht : C:\Users\Julia Dahm\AppData\Roaming\Mozilla\Firefox\Profiles\xyb0mqg2.default\ICQToolbarData
Ordner Gelöscht : C:\Users\Julia Dahm\AppData\Roaming\Mozilla\Firefox\Profiles\xyb0mqg2.default\CT2611275
Ordner Gelöscht : C:\Users\Julia Dahm\AppData\Roaming\Mozilla\Firefox\Profiles\xyb0mqg2.default\Extensions\{800B5000-A755-47E1-992B-48A1C1357F07}
Ordner Gelöscht : C:\Users\Julia Dahm\AppData\Roaming\Mozilla\Firefox\Profiles\xyb0mqg2.default\Extensions\engine@conduit.com
Ordner Gelöscht : C:\Users\Julia Dahm\AppData\Roaming\Mozilla\Firefox\Profiles\xyb0mqg2.default\Extensions\{66f2e20d-0da8-4c11-a9c8-dd8477b88acd}
Datei Gelöscht : C:\Users\JULIAD~1\AppData\Local\Temp\Uninstall.exe
Datei Gelöscht : C:\Users\Julia Dahm\AppData\Roaming\Mozilla\Firefox\Profiles\56uvgdlt.default\searchplugins\Conduit.xml
Datei Gelöscht : C:\Users\Julia Dahm\AppData\Roaming\Mozilla\Firefox\Profiles\xyb0mqg2.default\searchplugins\icqplugin.gif
Datei Gelöscht : C:\Users\Julia Dahm\AppData\Roaming\Mozilla\Firefox\Profiles\xyb0mqg2.default\searchplugins\icqplugin.src
Datei Gelöscht : C:\Users\Julia Dahm\AppData\Roaming\Mozilla\Firefox\Profiles\xyb0mqg2.default\searchplugins\icqplugin.xml
Datei Gelöscht : C:\Users\Julia Dahm\AppData\Roaming\Mozilla\Firefox\Profiles\xyb0mqg2.default\searchplugins\icqplugin-1.xml
Datei Gelöscht : C:\Users\Julia Dahm\AppData\Roaming\Mozilla\Firefox\Profiles\xyb0mqg2.default\searchplugins\icqplugin-10.xml
Datei Gelöscht : C:\Users\Julia Dahm\AppData\Roaming\Mozilla\Firefox\Profiles\xyb0mqg2.default\searchplugins\icqplugin-11.xml
Datei Gelöscht : C:\Users\Julia Dahm\AppData\Roaming\Mozilla\Firefox\Profiles\xyb0mqg2.default\searchplugins\icqplugin-12.xml
Datei Gelöscht : C:\Users\Julia Dahm\AppData\Roaming\Mozilla\Firefox\Profiles\xyb0mqg2.default\searchplugins\icqplugin-13.xml
Datei Gelöscht : C:\Users\Julia Dahm\AppData\Roaming\Mozilla\Firefox\Profiles\xyb0mqg2.default\searchplugins\icqplugin-14.xml
Datei Gelöscht : C:\Users\Julia Dahm\AppData\Roaming\Mozilla\Firefox\Profiles\xyb0mqg2.default\searchplugins\icqplugin-15.xml
Datei Gelöscht : C:\Users\Julia Dahm\AppData\Roaming\Mozilla\Firefox\Profiles\xyb0mqg2.default\searchplugins\icqplugin-16.xml
Datei Gelöscht : C:\Users\Julia Dahm\AppData\Roaming\Mozilla\Firefox\Profiles\xyb0mqg2.default\searchplugins\icqplugin-17.xml
Datei Gelöscht : C:\Users\Julia Dahm\AppData\Roaming\Mozilla\Firefox\Profiles\xyb0mqg2.default\searchplugins\icqplugin-18.xml
Datei Gelöscht : C:\Users\Julia Dahm\AppData\Roaming\Mozilla\Firefox\Profiles\xyb0mqg2.default\searchplugins\icqplugin-19.xml
Datei Gelöscht : C:\Users\Julia Dahm\AppData\Roaming\Mozilla\Firefox\Profiles\xyb0mqg2.default\searchplugins\icqplugin-2.xml
Datei Gelöscht : C:\Users\Julia Dahm\AppData\Roaming\Mozilla\Firefox\Profiles\xyb0mqg2.default\searchplugins\icqplugin-20.xml
Datei Gelöscht : C:\Users\Julia Dahm\AppData\Roaming\Mozilla\Firefox\Profiles\xyb0mqg2.default\searchplugins\icqplugin-21.xml
Datei Gelöscht : C:\Users\Julia Dahm\AppData\Roaming\Mozilla\Firefox\Profiles\xyb0mqg2.default\searchplugins\icqplugin-22.xml
Datei Gelöscht : C:\Users\Julia Dahm\AppData\Roaming\Mozilla\Firefox\Profiles\xyb0mqg2.default\searchplugins\icqplugin-23.xml
Datei Gelöscht : C:\Users\Julia Dahm\AppData\Roaming\Mozilla\Firefox\Profiles\xyb0mqg2.default\searchplugins\icqplugin-24.xml
Datei Gelöscht : C:\Users\Julia Dahm\AppData\Roaming\Mozilla\Firefox\Profiles\xyb0mqg2.default\searchplugins\icqplugin-25.xml
Datei Gelöscht : C:\Users\Julia Dahm\AppData\Roaming\Mozilla\Firefox\Profiles\xyb0mqg2.default\searchplugins\icqplugin-3.xml
Datei Gelöscht : C:\Users\Julia Dahm\AppData\Roaming\Mozilla\Firefox\Profiles\xyb0mqg2.default\searchplugins\icqplugin-4.xml
Datei Gelöscht : C:\Users\Julia Dahm\AppData\Roaming\Mozilla\Firefox\Profiles\xyb0mqg2.default\searchplugins\icqplugin-5.xml
Datei Gelöscht : C:\Users\Julia Dahm\AppData\Roaming\Mozilla\Firefox\Profiles\xyb0mqg2.default\searchplugins\icqplugin-6.xml
Datei Gelöscht : C:\Users\Julia Dahm\AppData\Roaming\Mozilla\Firefox\Profiles\xyb0mqg2.default\searchplugins\icqplugin-7.xml
Datei Gelöscht : C:\Users\Julia Dahm\AppData\Roaming\Mozilla\Firefox\Profiles\xyb0mqg2.default\searchplugins\icqplugin-8.xml
Datei Gelöscht : C:\Users\Julia Dahm\AppData\Roaming\Mozilla\Firefox\Profiles\xyb0mqg2.default\searchplugins\icqplugin-9.xml
Datei Gelöscht : C:\Users\Julia Dahm\AppData\Roaming\Mozilla\Firefox\Profiles\56uvgdlt.default\searchplugins\zonealarm.xml
Datei Gelöscht : C:\Users\Julia Dahm\AppData\Roaming\Mozilla\Firefox\Profiles\56uvgdlt.default\user.js
Datei Gelöscht : C:\Users\Julia Dahm\AppData\Roaming\Mozilla\Firefox\Profiles\xyb0mqg2.default\user.js

***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Wert Gelöscht : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{ACAA314B-EEBA-48E4-AD47-84E31C44796C}]
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\ICQ\ICQToolBar
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\escort.escortIEPane
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\escort.escortIEPane.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\ScriptHost.Tool
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\ScriptHost.Tool.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasapi32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasmancs
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\AskSLib_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\AskSLib_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\MozillaPlugins\@checkpoint.com/FFApi
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar.CT2613550
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_free-flv-converter_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_free-flv-converter_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{19D2F415-D58B-46BC-9390-C03DCBC21EB2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{6E45F3E8-2683-4824-A6BE-08108022FB36}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{9F0F16DD-4E76-4049-A9B1-7A91E48F0323}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{F4288797-CB12-49CE-9DF8-7CDFA1143BEA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{FC2B76FC-2132-4D80-A9A3-1F5C6E49066B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{A29413B9-7926-423A-9D8E-ADEEA0C91CD9}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220522292216}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660566296616}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{212C2C4F-C845-4FBC-9561-C833A13D8DCE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{3C5D1D57-16C8-473C-A552-37B8D88596FE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{4A115D8A-6A7B-4C72-92B1-2E2D01F36979}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{99DF8440-814E-497F-BDDD-FB93E9E9DF96}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FC2B76FC-2132-4D80-A9A3-1F5C6E49066B}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FC2B76FC-2132-4D80-A9A3-1F5C6E49066B}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FC2B76FC-2132-4D80-A9A3-1F5C6E49066B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{A29413B9-7926-423A-9D8E-ADEEA0C91CD9}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{83CAD530-387D-40FD-82EA-B9E863D92A9B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{0A834493-8852-496E-B80A-E70666E198BE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7DB7837A-A158-4878-97F3-B5526FF5EECF}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{FC2B76FC-2132-4D80-A9A3-1F5C6E49066B}]
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{FC2B76FC-2132-4D80-A9A3-1F5C6E49066B}]
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{FC2B76FC-2132-4D80-A9A3-1F5C6E49066B}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{FC2B76FC-2132-4D80-A9A3-1F5C6E49066B}]
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220522292216}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660566296616}
Schlüssel Gelöscht : HKCU\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\installedbrowserextensions
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Toolbar
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\ZoneAlarm-Sicherheit
Schlüssel Gelöscht : HKLM\Software\Conduit
Schlüssel Gelöscht : HKLM\Software\installedbrowserextensions
Schlüssel Gelöscht : HKLM\Software\ZoneAlarm-Sicherheit
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\conduitEngine
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ZoneAlarm-Sicherheit Toolbar
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\installedbrowserextensions
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ZoneAlarm LTD Toolbar

***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.16521

Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Main [Prev Search Bar]

-\\ Mozilla Firefox v27.0.1 (de)

[ Datei : C:\Users\Julia Dahm\AppData\Roaming\Mozilla\Firefox\Profiles\56uvgdlt.default\prefs.js ]

Zeile gelöscht : user_pref("browser.search.defaultthis.engineName", "ZoneAlarm-Sicherheit Customized Web Search");
Zeile gelöscht : user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2613550&SearchSource=3&q={searchTerms}");
Zeile gelöscht : user_pref("extensions.crossrider.bic", "144c1fcf252fa3e7a2ac2b0ad654cc60");

[ Datei : C:\Users\Julia Dahm\AppData\Roaming\Mozilla\Firefox\Profiles\xyb0mqg2.default\prefs.js ]

Zeile gelöscht : user_pref("CT2611275.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Zeile gelöscht : user_pref("CT2611275.CTID", "ct2611275");
Zeile gelöscht : user_pref("CT2611275.CurrentServerDate", "2-7-2010");
Zeile gelöscht : user_pref("CT2611275.DialogsAlignMode", "LTR");
Zeile gelöscht : user_pref("CT2611275.DownloadReferralCookieData", "");
Zeile gelöscht : user_pref("CT2611275.EMailNotifierPollDate", "Fri Jul 02 2010 18:42:30 GMT+0200");
Zeile gelöscht : user_pref("CT2611275.FirstServerDate", "2-7-2010");
Zeile gelöscht : user_pref("CT2611275.FirstTime", true);
Zeile gelöscht : user_pref("CT2611275.FirstTimeFF3", true);
Zeile gelöscht : user_pref("CT2611275.FirstTimeSettingsDone", true);
Zeile gelöscht : user_pref("CT2611275.FixPageNotFoundErrors", true);
Zeile gelöscht : user_pref("CT2611275.GroupingServerCheckInterval", 1440);
Zeile gelöscht : user_pref("CT2611275.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Zeile gelöscht : user_pref("CT2611275.Initialize", true);
Zeile gelöscht : user_pref("CT2611275.InitializeCommonPrefs", true);
Zeile gelöscht : user_pref("CT2611275.InstallationAndCookieDataSentCount", 2);
Zeile gelöscht : user_pref("CT2611275.InstallationType", "UnknownIntegration");
Zeile gelöscht : user_pref("CT2611275.InstalledDate", "Fri Jul 02 2010 18:42:05 GMT+0200");
Zeile gelöscht : user_pref("CT2611275.IsGrouping", false);
Zeile gelöscht : user_pref("CT2611275.IsOpenThankYouPage", false);
Zeile gelöscht : user_pref("CT2611275.IsOpenUninstallPage", true);
Zeile gelöscht : user_pref("CT2611275.LanguagePackLastCheckTime", "Fri Jul 02 2010 18:42:30 GMT+0200");
Zeile gelöscht : user_pref("CT2611275.LanguagePackReloadIntervalMM", 1440);
Zeile gelöscht : user_pref("CT2611275.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx");
Zeile gelöscht : user_pref("CT2611275.LastLogin_2.6.0.15", "Fri Jul 02 2010 18:42:28 GMT+0200");
Zeile gelöscht : user_pref("CT2611275.LatestVersion", "2.1.0.18");
Zeile gelöscht : user_pref("CT2611275.Locale", "en");
Zeile gelöscht : user_pref("CT2611275.LoginCache", 4);
Zeile gelöscht : user_pref("CT2611275.MCDetectTooltipHeight", "83");
Zeile gelöscht : user_pref("CT2611275.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Zeile gelöscht : user_pref("CT2611275.MCDetectTooltipWidth", "295");
Zeile gelöscht : user_pref("CT2611275.RadioIsPodcast", false);
Zeile gelöscht : user_pref("CT2611275.RadioMediaID", "8546");
Zeile gelöscht : user_pref("CT2611275.RadioMediaType", "Media Player");
Zeile gelöscht : user_pref("CT2611275.RadioMenuSelectedID", "EBRadioMenu_CT26112758546");
Zeile gelöscht : user_pref("CT2611275.RadioStationName", "Radio%208");
Zeile gelöscht : user_pref("CT2611275.RadioStationURL", "hxxp://stream.radio8.de:8000/live.m3u");
Zeile gelöscht : user_pref("CT2611275.SHRINK_TOOLBAR", 1);
Zeile gelöscht : user_pref("CT2611275.SearchFromAddressBarIsInit", true);
Zeile gelöscht : user_pref("CT2611275.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2611275&q=");
Zeile gelöscht : user_pref("CT2611275.SearchInNewTabEnabled", true);
Zeile gelöscht : user_pref("CT2611275.SearchInNewTabIntervalMM", 1440);
Zeile gelöscht : user_pref("CT2611275.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_TOOLBAR_ID");
Zeile gelöscht : user_pref("CT2611275.SearchInNewTabUsageUrl", "hxxp://Usage.Hosting.conduit-services.com/UsageService.asmx/UsersRequests?ctid=EB_TOOLBAR_ID");
Zeile gelöscht : user_pref("CT2611275.SettingsCheckIntervalMin", 120);
Zeile gelöscht : user_pref("CT2611275.SettingsLastCheckTime", "Fri Jul 02 2010 18:42:03 GMT+0200");
Zeile gelöscht : user_pref("CT2611275.SettingsLastUpdate", "1277320599");
Zeile gelöscht : user_pref("CT2611275.ThirdPartyComponentsInterval", 504);
Zeile gelöscht : user_pref("CT2611275.ThirdPartyComponentsLastCheck", "Fri Jul 02 2010 18:42:00 GMT+0200");
Zeile gelöscht : user_pref("CT2611275.ThirdPartyComponentsLastUpdate", "1277320599");
Zeile gelöscht : user_pref("CT2611275.TrusteLinkUrl", "hxxp://www.truste.org/pvr.php?page=validate&softwareProgramId=101&sealid=112");
Zeile gelöscht : user_pref("CT2611275.UserID", "UN21943961873808715");
Zeile gelöscht : user_pref("CT2611275.ValidationData_Toolbar", 1);
Zeile gelöscht : user_pref("CT2611275.WeatherNetwork", "");
Zeile gelöscht : user_pref("CT2611275.WeatherPollDate", "Fri Jul 02 2010 18:42:31 GMT+0200");
Zeile gelöscht : user_pref("CT2611275.WeatherUnit", "C");
Zeile gelöscht : user_pref("CT2611275.alertChannelId", "1004080");
Zeile gelöscht : user_pref("CT2611275.clientLogIsEnabled", false);
Zeile gelöscht : user_pref("CT2611275.clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.asmx/ReportDiagnosticsEvent");
Zeile gelöscht : user_pref("CT2611275.components.1000082", true);
Zeile gelöscht : user_pref("CT2611275.components.1000234", true);
Zeile gelöscht : user_pref("CT2611275.ct2611275.DialogsAlignMode", "LTR");
Zeile gelöscht : user_pref("CT2611275.ct2611275.FirstTimeSettingsDone", true);
Zeile gelöscht : user_pref("CT2611275.ct2611275.InvalidateCache", false);
Zeile gelöscht : user_pref("CT2611275.ct2611275.LanguagePackLastCheckTime", "Fri Jul 02 2010 18:42:30 GMT+0200");
Zeile gelöscht : user_pref("CT2611275.ct2611275.Locale", "en");
Zeile gelöscht : user_pref("CT2611275.ct2611275.RadioLastCheckTime", "Fri Jul 02 2010 18:42:30 GMT+0200");
Zeile gelöscht : user_pref("CT2611275.ct2611275.RadioLastUpdateIPServer", "3");
Zeile gelöscht : user_pref("CT2611275.ct2611275.RadioLastUpdateServer", "0");
Zeile gelöscht : user_pref("CT2611275.ct2611275.SearchEngine", "Search||hxxp://search.conduit.com/Results.aspx?q=UCM_SEARCH_TERM&ctid=ct2611275&octid=EB_ORIGINAL_CTID&SearchSource=1");
Zeile gelöscht : user_pref("CT2611275.ct2611275.SearchInNewTabLastCheckTime", "Fri Jul 02 2010 18:42:28 GMT+0200");
Zeile gelöscht : user_pref("CT2611275.ct2611275.SettingsCheckIntervalMin", 120);
Zeile gelöscht : user_pref("CT2611275.ct2611275.SettingsLastCheckTime", "Fri Jul 02 2010 18:42:25 GMT+0200");
Zeile gelöscht : user_pref("CT2611275.ct2611275.SettingsLastUpdate", "1277320599");
Zeile gelöscht : user_pref("CT2611275.ct2611275.ThirdPartyComponentsLastCheck", "Fri Jul 02 2010 18:42:25 GMT+0200");
Zeile gelöscht : user_pref("CT2611275.ct2611275.ThirdPartyComponentsLastUpdate", "1277320599");
Zeile gelöscht : user_pref("CT2611275.myStuffEnabled", true);
Zeile gelöscht : user_pref("CT2611275.myStuffPublihserMinWidth", 400);
Zeile gelöscht : user_pref("CT2611275.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOrigin=29&ctid=EB_TOOLBAR_ID&octid=EB_ORIGINAL_CTID");
Zeile gelöscht : user_pref("CT2611275.myStuffServiceIntervalMM", 1440);
Zeile gelöscht : user_pref("CT2611275.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?ComponentId=EB_MY_STUFF_INSTANCE_GUID&lut=EB_MY_STUFF_LUT");
Zeile gelöscht : user_pref("CT2611275.uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/RegisterToolbarUninstallation");
Zeile gelöscht : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/909619/905414/DE", "\"0\"");
Zeile gelöscht : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\"803651ba7facb1:0\"");
Zeile gelöscht : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.engine.conduit-services.com/DLG.pkg?ver=3.3.3.2", "\"807dc126dd28cc1:0\"");
Zeile gelöscht : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=0", "634356118310000000");
Zeile gelöscht : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=3/13/2011 11:17:11 AM", "634356118310000000");
Zeile gelöscht : user_pref("CommunityToolbar.EngineOwner", "ConduitEngine");
Zeile gelöscht : user_pref("CommunityToolbar.EngineOwnerGuid", "engine@conduit.com");
Zeile gelöscht : user_pref("CommunityToolbar.EngineOwnerToolbarId", "conduitengine");
Zeile gelöscht : user_pref("CommunityToolbar.IsEngineShown", true);
Zeile gelöscht : user_pref("CommunityToolbar.IsMyStuffImportedToEngine", true);
Zeile gelöscht : user_pref("CommunityToolbar.OriginalEngineOwner", "ConduitEngine");
Zeile gelöscht : user_pref("CommunityToolbar.OriginalEngineOwnerGuid", "engine@conduit.com");
Zeile gelöscht : user_pref("CommunityToolbar.OriginalEngineOwnerToolbarId", "conduitengine");
Zeile gelöscht : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "hxxp://go.web.de/suchbox/webdesuche?su=");
Zeile gelöscht : user_pref("CommunityToolbar.ToolbarsList", "CT2611275,ConduitEngine");
Zeile gelöscht : user_pref("CommunityToolbar.ToolbarsList2", "CT2611275");
Zeile gelöscht : user_pref("CommunityToolbar.alert.alertDialogsGetterLastCheckTime", "Sun May 15 2011 14:36:08 GMT+0200");
Zeile gelöscht : user_pref("CommunityToolbar.alert.alertInfoInterval", 1440);
Zeile gelöscht : user_pref("CommunityToolbar.alert.alertInfoLastCheckTime", "Mon Jun 20 2011 17:47:29 GMT+0200");
Zeile gelöscht : user_pref("CommunityToolbar.alert.clientsServerUrl", "hxxp://alert.client.conduit.com");
Zeile gelöscht : user_pref("CommunityToolbar.alert.locale", "en");
Zeile gelöscht : user_pref("CommunityToolbar.alert.loginIntervalMin", 1440);
Zeile gelöscht : user_pref("CommunityToolbar.alert.loginLastCheckTime", "Tue Jun 21 2011 16:58:30 GMT+0200");
Zeile gelöscht : user_pref("CommunityToolbar.alert.loginLastUpdateTime", "1305622559");
Zeile gelöscht : user_pref("CommunityToolbar.alert.messageShowTimeSec", 20);
Zeile gelöscht : user_pref("CommunityToolbar.alert.servicesServerUrl", "hxxp://alert.services.conduit.com");
Zeile gelöscht : user_pref("CommunityToolbar.alert.showTrayIcon", false);
Zeile gelöscht : user_pref("CommunityToolbar.alert.userCloseIntervalMin", 300);
Zeile gelöscht : user_pref("CommunityToolbar.alert.userId", "cef9367a-b940-4c31-a692-71a0030dd630");
Zeile gelöscht : user_pref("CommunityToolbar.facebook.settingsLastCheckTime", "Fri Jul 02 2010 18:42:30 GMT+0200");
Zeile gelöscht : user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);
Zeile gelöscht : user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);
Zeile gelöscht : user_pref("ConduitEngine.AppTrackingLastCheckTime", "Thu Jun 16 2011 16:57:12 GMT+0200");
Zeile gelöscht : user_pref("ConduitEngine.CTID", "ConduitEngine");
Zeile gelöscht : user_pref("ConduitEngine.DialogsGetterLastCheckTime", "Mon Jun 20 2011 16:58:32 GMT+0200");
Zeile gelöscht : user_pref("ConduitEngine.FirstServerDate", "05/15/2011 15");
Zeile gelöscht : user_pref("ConduitEngine.FirstTime", true);
Zeile gelöscht : user_pref("ConduitEngine.FirstTimeFF3", true);
Zeile gelöscht : user_pref("ConduitEngine.HasUserGlobalKeys", true);
Zeile gelöscht : user_pref("ConduitEngine.Initialize", true);
Zeile gelöscht : user_pref("ConduitEngine.InitializeCommonPrefs", true);
Zeile gelöscht : user_pref("ConduitEngine.InstalledDate", "Sun May 15 2011 14:36:08 GMT+0200");
Zeile gelöscht : user_pref("ConduitEngine.IsMulticommunity", false);
Zeile gelöscht : user_pref("ConduitEngine.IsOpenThankYouPage", false);
Zeile gelöscht : user_pref("ConduitEngine.IsOpenUninstallPage", true);
Zeile gelöscht : user_pref("ConduitEngine.LanguagePackLastCheckTime", "Tue Jun 21 2011 16:58:37 GMT+0200");
Zeile gelöscht : user_pref("ConduitEngine.LastLogin_3.3.3.2", "Tue Jun 21 2011 15:36:19 GMT+0200");
Zeile gelöscht : user_pref("ConduitEngine.SearchFromAddressBarIsInit", true);
Zeile gelöscht : user_pref("ConduitEngine.SettingsLastCheckTime", "Tue Jun 21 2011 15:36:19 GMT+0200");
Zeile gelöscht : user_pref("ConduitEngine.UserID", "UN35543493517833383");
Zeile gelöscht : user_pref("ConduitEngine.componentAlertEnabled", false);
Zeile gelöscht : user_pref("ConduitEngine.engineLocale", "de");
Zeile gelöscht : user_pref("ConduitEngine.enngineContextMenuLastCheckTime", "Tue Jun 21 2011 16:58:33 GMT+0200");
Zeile gelöscht : user_pref("ConduitEngine.globalFirstTimeInfoLastCheckTime", "Tue Jun 21 2011 15:36:19 GMT+0200");
Zeile gelöscht : user_pref("ConduitEngine.initDone", true);
Zeile gelöscht : user_pref("ConduitEngine.isAppTrackingManagerOn", true);
Zeile gelöscht : user_pref("ConduitEngine.usagesFlag", 2);
Zeile gelöscht : user_pref("browser.search.defaulturl", "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.2.9&q=");
Zeile gelöscht : user_pref("icqtoolbar.allowSendURL", false);
Zeile gelöscht : user_pref("icqtoolbar.defSearchChange", true);
Zeile gelöscht : user_pref("icqtoolbar.engineVerified", true);
Zeile gelöscht : user_pref("icqtoolbar.geolastmodified", 1325857241);
Zeile gelöscht : user_pref("icqtoolbar.hiddenElements", "itb_options");
Zeile gelöscht : user_pref("icqtoolbar.history", "Artbegriff||Artbildung||Insektenlarve||Eichel||krabbeldecke%20n%C3%A4hen%20anleitung||krabbeldecke%20n%C3%A4hen||035188815321||Wolle%20Baumwolle%20Indigo||Soester%20Li[...]
Zeile gelöscht : user_pref("icqtoolbar.hpChange", true);
Zeile gelöscht : user_pref("icqtoolbar.icqgeo", 49);
Zeile gelöscht : user_pref("icqtoolbar.installTime", "1325857241");
Zeile gelöscht : user_pref("icqtoolbar.newtab_most_visited_state", "1");
Zeile gelöscht : user_pref("icqtoolbar.newtab_recently_closed_state", "1");
Zeile gelöscht : user_pref("icqtoolbar.newtab_state", "1");
Zeile gelöscht : user_pref("icqtoolbar.numberOfSearches", 0);
Zeile gelöscht : user_pref("icqtoolbar.previousFFVersion", "8.0.1");
Zeile gelöscht : user_pref("icqtoolbar.skip_default_search", "no");
Zeile gelöscht : user_pref("icqtoolbar.suggestions", false);
Zeile gelöscht : user_pref("icqtoolbar.uniqueID", "121414472512141447251214400278556");
Zeile gelöscht : user_pref("icqtoolbar.usageStatstTimestamp", 1326131168);
Zeile gelöscht : user_pref("icqtoolbar.userEngineApproved", true);
Zeile gelöscht : user_pref("icqtoolbar.userHpApproved", true);
Zeile gelöscht : user_pref("icqtoolbar.version", "1.4.3");
Zeile gelöscht : user_pref("icqtoolbar.voucherHideClicks", 0);
Zeile gelöscht : user_pref("icqtoolbar.voucherMoreLinkClicks", 0);
Zeile gelöscht : user_pref("icqtoolbar.voucherRedeemClicks", 0);
Zeile gelöscht : user_pref("icqtoolbar.voucherWasShown", 0);
Zeile gelöscht : user_pref("icqtoolbar.xmlEnableHomePageDsGuard", false);
Zeile gelöscht : user_pref("icqtoolbar.xmlEnableSuggestions", false);
Zeile gelöscht : user_pref("icqtoolbar.xmlLanguage", "de");

*************************

AdwCleaner[R0].txt - [28413 octets] - [23/03/2014 22:10:53]
AdwCleaner[S0].txt - [28023 octets] - [23/03/2014 22:13:37]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [28084 octets] ##########
--- --- ---JRT Logfile:
Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.2 (02.20.2014:1)
OS: Windows 7 Home Premium x64
Ran by Julia Dahm on 23.03.2014 at 22:39:55,39
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{11111111-1111-1111-1111-110511291116}



~~~ Files

Successfully deleted: [File] C:\Windows\syswow64\sho7673.tmp



~~~ Folders

Successfully deleted: [Empty Folder] C:\Users\Julia Dahm\appdata\local\{14748CB9-A3D7-4DC5-B2F1-EABEC2AD3E8D}
Successfully deleted: [Empty Folder] C:\Users\Julia Dahm\appdata\local\{298B3363-0EF9-48B3-9A9B-FB42308A2390}
Successfully deleted: [Empty Folder] C:\Users\Julia Dahm\appdata\local\{2A58DFF6-1EB8-437B-8009-54894BD189D7}
Successfully deleted: [Empty Folder] C:\Users\Julia Dahm\appdata\local\{2EA79ED2-D83B-4DC7-AD83-3DAD28727B52}
Successfully deleted: [Empty Folder] C:\Users\Julia Dahm\appdata\local\{35A81037-C294-4A21-9137-BA269E430E36}
Successfully deleted: [Empty Folder] C:\Users\Julia Dahm\appdata\local\{37806793-41B1-40D1-B02B-9E536367423F}
Successfully deleted: [Empty Folder] C:\Users\Julia Dahm\appdata\local\{3A0624B8-64B9-45BB-886C-B34E62210A01}
Successfully deleted: [Empty Folder] C:\Users\Julia Dahm\appdata\local\{3C2B1E8A-08EA-4825-BAFC-5C5334A2B710}
Successfully deleted: [Empty Folder] C:\Users\Julia Dahm\appdata\local\{3DA5F2A9-3CB9-4DDE-9D21-AB018E1BE175}
Successfully deleted: [Empty Folder] C:\Users\Julia Dahm\appdata\local\{4AAC6DA9-62AE-45E1-A939-BDC2F97DFCEA}
Successfully deleted: [Empty Folder] C:\Users\Julia Dahm\appdata\local\{4B8FECDE-2790-4DFF-BFC7-C8CB631CAE3D}
Successfully deleted: [Empty Folder] C:\Users\Julia Dahm\appdata\local\{519C8053-F801-4982-81F7-A78A2883BF78}
Successfully deleted: [Empty Folder] C:\Users\Julia Dahm\appdata\local\{574F5B50-FE3E-4E4A-B255-2606E01A38F6}
Successfully deleted: [Empty Folder] C:\Users\Julia Dahm\appdata\local\{57E4C854-9532-4FFF-A8B5-590CE377AEFE}
Successfully deleted: [Empty Folder] C:\Users\Julia Dahm\appdata\local\{5CB4F40A-5B71-4D4C-894F-2A8B7452FF8A}
Successfully deleted: [Empty Folder] C:\Users\Julia Dahm\appdata\local\{6345FBDB-9680-46AB-AB96-0AC7EF6D07B8}
Successfully deleted: [Empty Folder] C:\Users\Julia Dahm\appdata\local\{65D1E4E9-AA73-4617-9B92-621F48229B40}
Successfully deleted: [Empty Folder] C:\Users\Julia Dahm\appdata\local\{70DE1E07-9746-4118-A67D-D4562D6F16EA}
Successfully deleted: [Empty Folder] C:\Users\Julia Dahm\appdata\local\{7569F3E3-CADE-4793-B3A5-3A2E92020848}
Successfully deleted: [Empty Folder] C:\Users\Julia Dahm\appdata\local\{7D0A3D8C-AB2B-4824-B7FD-C13713A84274}
Successfully deleted: [Empty Folder] C:\Users\Julia Dahm\appdata\local\{8B825EC4-D5E6-4579-9BBA-DC659A888E04}
Successfully deleted: [Empty Folder] C:\Users\Julia Dahm\appdata\local\{8C81B689-47F3-4037-AF28-CE7911B05982}
Successfully deleted: [Empty Folder] C:\Users\Julia Dahm\appdata\local\{8E26A68B-E74F-4BC4-8989-01983FABD2FA}
Successfully deleted: [Empty Folder] C:\Users\Julia Dahm\appdata\local\{9F5B5660-2FF2-4BF5-9C6E-AF286BC5EF2A}
Successfully deleted: [Empty Folder] C:\Users\Julia Dahm\appdata\local\{A21BAD71-DD2C-4984-AD35-5B7836C46EC0}
Successfully deleted: [Empty Folder] C:\Users\Julia Dahm\appdata\local\{A3740B36-8F29-4640-B487-B28BA3661E3D}
Successfully deleted: [Empty Folder] C:\Users\Julia Dahm\appdata\local\{AA901D3A-0A3F-4008-BEC3-70DE00E1592C}
Successfully deleted: [Empty Folder] C:\Users\Julia Dahm\appdata\local\{CE4F56D0-F184-4C03-802B-E2227AA12934}
Successfully deleted: [Empty Folder] C:\Users\Julia Dahm\appdata\local\{D6357362-B3F2-4F8A-B497-0A6F3855FF86}
Successfully deleted: [Empty Folder] C:\Users\Julia Dahm\appdata\local\{DA594DAC-CEC9-4799-B3F9-6125CB3FF469}
Successfully deleted: [Empty Folder] C:\Users\Julia Dahm\appdata\local\{DC2E86F7-163D-4708-BA73-FF8E28B2E4AF}
Successfully deleted: [Empty Folder] C:\Users\Julia Dahm\appdata\local\{DC9CE916-9B20-4DC2-A597-A030E41C58CD}
Successfully deleted: [Empty Folder] C:\Users\Julia Dahm\appdata\local\{E09C8CA4-1D28-4B5C-A369-AFB5D18A4727}
Successfully deleted: [Empty Folder] C:\Users\Julia Dahm\appdata\local\{E6243EC0-DD72-433E-9C97-80FB369BD040}
Successfully deleted: [Empty Folder] C:\Users\Julia Dahm\appdata\local\{E9BD45DE-C8CD-4DC1-8401-6F84ADAFACEE}
Successfully deleted: [Empty Folder] C:\Users\Julia Dahm\appdata\local\{FF083E2C-AD6B-4FBA-9B26-21B4EA7D0350}



~~~ FireFox

Emptied folder: C:\Users\Julia Dahm\AppData\Roaming\mozilla\firefox\profiles\56uvgdlt.default\minidumps [1612 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 23.03.2014 at 22:48:25,98
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
--- --- ---



FRST Logfile:

FRST Logfile:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014
Ran by Julia Dahm (administrator) on JULIADAHM-THINK on 23-03-2014 22:52:54
Running from C:\Users\Julia Dahm\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: Downloading Farbar Recovery Scan Tool
Download link for 64-Bit Version: Downloading Farbar Recovery Scan Tool
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: FRST Tutorial - How to use Farbar Recovery Scan Tool - Geeks to Go Forums

==================== Processes (Whitelisted) =================

(Lenovo.) C:\Windows\system32\ibmpmsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Lenovo Group Limited) C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe
(Lenovo Group Limited) C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tpnumlkd.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe
(Conexant Systems Inc.) C:\Windows\system32\CxAudMsg64.exe
(Garmin Ltd or its subsidiaries) C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\CAMMUTE.exe
(Lenovo Group Limited) C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
(Lenovo Group Limited) C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe
(Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
(Conexant Systems, Inc.) C:\Windows\SysWOW64\SAsrv.exe
(Ulead Systems, Inc.) C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
() C:\Windows\system32\AutiFWWizFwk.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Lenovo.) C:\Windows\System32\TpShocks.exe
() C:\Program Files\CONEXANT\ForteConfig\fmapp.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\AutoLock\ALCKRESI.exe
(Garmin Ltd or its subsidiaries) C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe
() C:\Program Files (x86)\Rainlendar2\Rainlendar2.exe
(Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tpnumlk.exe
(Ricoh co.,Ltd.) C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe
(Apple Computer, Inc.) C:\Program Files (x86)\QuickTime\qttask.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
() C:\ProgramData\dlprotect.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\virtscrl.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\mkrmsg.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
(Lenovo Group Limited) C:\Program Files (x86)\ThinkPad\Utilities\SCHTASK.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Lenovo Group Limited) C:\Program Files (x86)\Lenovo\System Update\SUService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
() C:\Program Files (x86)\LENOVO\Message Center Plus\MCPLaunch.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Intel Corporation) C:\Windows\system32\igfxext.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Microsoft Corporation) c:\program files\windows defender\MpCmdRun.exe
(Check Point Software Technologies LTD) C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe
(Check Point Software Technologies LTD) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
(Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\BtStackServer.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2789160 2011-05-19] (Synaptics Incorporated)
HKLM\...\Run: [TpShocks] - C:\Windows\system32\TpShocks.exe [380776 2011-03-29] (Lenovo.)
HKLM\...\Run: [SmartAudio] - C:\Program Files\CONEXANT\SAII\SAIICpl.exe [310912 2011-04-26] (Conexant Systems, Inc.)
HKLM\...\Run: [ForteConfig] - C:\Program Files\Conexant\ForteConfig\fmapp.exe [49056 2010-10-26] ()
HKLM\...\Run: [LENOVO.TPKNRRES] - C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe [40808 2011-05-31] (Lenovo Group Limited)
HKLM\...\Run: [ALCKRESI.EXE] - C:\Program Files\Lenovo\AutoLock\ALCKRESI.EXE [281960 2011-05-25] (Lenovo Group Limited)
HKLM-x32\...\Run: [RotateImage] - C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe [55808 2008-10-30] (Ricoh co.,Ltd.)
HKLM-x32\...\Run: [PWMTRV] - rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor
HKLM-x32\...\Run: [Lenovo Registration] - C:\Program Files (x86)\Lenovo Registration\LenovoReg.exe [4351712 2011-07-13] (Lenovo, Inc.)
HKLM-x32\...\Run: [ZoneAlarm] - C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe [73832 2013-10-25] (Check Point Software Technologies LTD)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [BCSSync] - C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [Brdefprn] - C:\Program Files (x86)\Brother\BRHL2035\Brdefprn.exe -d
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\qttask.exe [282624 2007-02-16] (Apple Computer, Inc.)
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [689744 2014-02-20] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [Download Protect] - C:\ProgramData\dlprotect.exe [12800 2014-03-18] ()
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3756853789-1326843327-1198811885-1000\...\Run: [LTT] - C:\Program Files\PC-Doctor\EnableToolbarW32.exe [23120 2011-06-27] (PC-Doctor, Inc.)
HKU\S-1-5-21-3756853789-1326843327-1198811885-1000\...\Run: [GarminExpressTrayApp] - C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1098072 2013-03-27] (Garmin Ltd or its subsidiaries)
HKU\S-1-5-21-3756853789-1326843327-1198811885-1000\...\Run: [Rainlendar2] - C:\Program Files (x86)\Rainlendar2\Rainlendar2.exe [2598496 2013-03-10] ()
HKU\S-1-5-21-3756853789-1326843327-1198811885-1000\...\MountPoints2: {3bc18afa-9372-11e1-a406-3859f9e8a15c} - E:\preinst.exe
HKU\S-1-5-21-3756853789-1326843327-1198811885-1000\...\MountPoints2: {716d6ef5-8e46-11e2-8902-402cf47b3902} - E:\LaunchU3.exe -a
HKU\S-1-5-21-3756853789-1326843327-1198811885-1000\...\MountPoints2: {80b3a8c6-0935-11e1-baf7-806e6f6e6963} - Q:\LenovoQDrive.exe

==================== Internet (Whitelisted) ====================

ProxyServer: 192.168.0.1:80
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN Deutschland: Aktuelle Nachrichten, Outlook.com Email und Skype Login.
HKCU\Software\Microsoft\Internet Explorer\Main,Prev Search Page = Sign In
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Sign In
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Search
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7LENP_deDE466
BHO: addplushd - {11111111-1111-1111-1111-110511291116} - C:\Program Files (x86)\addplushd\addplushd-bho64.dll No File
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Zonealarm Helper Object - {2A841F7A-A014-4DA5-B6D9-8B913DFB7A8C} - C:\Program Files (x86)\Check Point Software Technologies LTD\zonealarm\1.8.22.0\bh\zonealarm.dll (Check Point Software Technologies LTD)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM-x32 - ZoneAlarm Security Toolbar - {438FAE3E-BDEF-44D3-AB8B-0C7C8350DF59} - C:\Program Files (x86)\Check Point Software Technologies LTD\zonealarm\1.8.22.0\zonealarmTlbr.dll (Check Point Software Technologies LTD)
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKCU - No Name - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} -  No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\Julia Dahm\AppData\Roaming\Mozilla\Firefox\Profiles\56uvgdlt.default
FF DefaultSearchEngine: Google
FF SelectedSearchEngine: Google
FF Homepage: about:home
FF NetworkProxy: "type", 4
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_77.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: addplushd - C:\Users\Julia Dahm\AppData\Roaming\Mozilla\Firefox\Profiles\56uvgdlt.default\Extensions\a54e453c-130a-4769-9333-c5ec2aa914c5@9bd7cc89-9c7c-44e9-a03b-042b92d363f0.com [2014-03-16]
FF HKLM-x32\...\Firefox\Extensions: [{FFB96CC1-7EB3-449D-B827-DB661701C6BB}] - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker

==================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440400 2014-02-20] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440400 2014-02-20] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [1017424 2014-02-20] (Avira Operations GmbH & Co. KG)
R2 Garmin Core Update Service; C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [185688 2013-03-27] (Garmin Ltd or its subsidiaries)
R2 Lenovo.VIRTSCRLSVC; C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe [133992 2011-07-12] (Lenovo Group Limited)
R2 vsmon; C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe [2445816 2013-10-25] (Check Point Software Technologies LTD)
R2 wscriptd; C:\Windows\system32\AutiFWWizFwk.exe [118784 2014-03-18] ()
S2 ZAPrivacyService; C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZAPrivacyService.exe [50704 2013-10-15] (Check Point Software Technologies, Ltd.)

==================== Drivers (Whitelisted) ====================

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2013-12-18] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131576 2013-12-18] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-11-27] (Avira Operations GmbH & Co. KG)
R1 Vsdatant; C:\Windows\System32\DRIVERS\vsdatant.sys [454168 2013-10-23] (Check Point Software Technologies LTD)
U2 wuaserv;

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-03-23 22:48 - 2014-03-23 22:48 - 00004983 _____ () C:\Users\Julia Dahm\Desktop\JRT.txt
2014-03-23 22:39 - 2014-03-23 22:39 - 01037734 _____ (Thisisu) C:\Users\Julia Dahm\Desktop\JRT.exe
2014-03-23 22:39 - 2014-03-23 22:39 - 00000000 ____D () C:\Windows\ERUNT
2014-03-23 22:10 - 2014-03-23 22:13 - 00000000 ____D () C:\AdwCleaner
2014-03-23 22:10 - 2014-03-23 22:10 - 01950720 _____ () C:\Users\Julia Dahm\Desktop\adwcleaner.exe
2014-03-23 18:58 - 2014-03-23 18:58 - 00000000 ____D () C:\Users\Julia Dahm\AppData\Local\DoNotTrackPlus
2014-03-23 18:55 - 2014-03-23 18:55 - 00001279 _____ () C:\Users\Julia Dahm\Desktop\Revo Uninstaller.lnk
2014-03-23 18:55 - 2014-03-23 18:55 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-03-23 16:32 - 2014-03-23 16:34 - 00045520 _____ () C:\Users\Julia Dahm\Desktop\Addition.txt
2014-03-23 16:30 - 2014-03-23 22:52 - 00016365 _____ () C:\Users\Julia Dahm\Desktop\FRST.txt
2014-03-23 16:30 - 2014-03-23 22:52 - 00000000 ____D () C:\FRST
2014-03-23 16:29 - 2014-03-23 16:29 - 02157056 _____ (Farbar) C:\Users\Julia Dahm\Desktop\FRST64.exe
2014-03-18 18:02 - 2014-03-18 18:02 - 00001124 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-03-18 18:02 - 2014-03-18 18:02 - 00000000 ____D () C:\Users\Julia Dahm\AppData\Roaming\Malwarebytes
2014-03-18 18:02 - 2014-03-18 18:02 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-03-18 18:02 - 2014-03-18 18:02 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-03-18 18:02 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-03-18 17:47 - 2014-03-18 17:47 - 00118784 _____ () C:\Windows\system32\AutiFWWizFwk.exe
2014-03-18 17:47 - 2014-03-18 17:47 - 00012800 _____ () C:\ProgramData\dlprotect.exe
2014-03-18 17:47 - 2014-03-18 17:47 - 00000000 ____D () C:\Users\Julia Dahm\AppData\Roaming\SUPERAntiSpyware.com
2014-03-12 21:42 - 2014-03-12 21:42 - 05777288 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2014-03-12 16:46 - 2014-03-01 07:05 - 23133696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-03-12 16:46 - 2014-03-01 06:17 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-03-12 16:46 - 2014-03-01 06:16 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-03-12 16:46 - 2014-03-01 05:58 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-03-12 16:46 - 2014-03-01 05:52 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-03-12 16:46 - 2014-03-01 05:51 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-03-12 16:46 - 2014-03-01 05:42 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-03-12 16:46 - 2014-03-01 05:40 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-03-12 16:46 - 2014-03-01 05:37 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-03-12 16:46 - 2014-03-01 05:33 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-03-12 16:46 - 2014-03-01 05:33 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-03-12 16:46 - 2014-03-01 05:32 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-03-12 16:46 - 2014-03-01 05:30 - 17074688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-03-12 16:46 - 2014-03-01 05:23 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-03-12 16:46 - 2014-03-01 05:17 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-03-12 16:46 - 2014-03-01 05:11 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-03-12 16:46 - 2014-03-01 05:02 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-03-12 16:46 - 2014-03-01 04:54 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-03-12 16:46 - 2014-03-01 04:52 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-03-12 16:46 - 2014-03-01 04:51 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-03-12 16:46 - 2014-03-01 04:47 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-03-12 16:46 - 2014-03-01 04:43 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-03-12 16:46 - 2014-03-01 04:43 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-03-12 16:46 - 2014-03-01 04:42 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-03-12 16:46 - 2014-03-01 04:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-03-12 16:46 - 2014-03-01 04:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-03-12 16:46 - 2014-03-01 04:37 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-03-12 16:46 - 2014-03-01 04:35 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-03-12 16:46 - 2014-03-01 04:18 - 13051904 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-03-12 16:46 - 2014-03-01 04:16 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-03-12 16:46 - 2014-03-01 04:14 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-03-12 16:46 - 2014-03-01 04:10 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-03-12 16:46 - 2014-03-01 04:03 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-03-12 16:46 - 2014-03-01 04:00 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-03-12 16:46 - 2014-03-01 03:57 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-03-12 16:46 - 2014-03-01 03:38 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-03-12 16:46 - 2014-03-01 03:32 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-03-12 16:46 - 2014-03-01 03:27 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-03-12 16:46 - 2014-03-01 03:25 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-03-12 16:46 - 2014-03-01 03:25 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-03-12 16:46 - 2014-02-07 02:23 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-03-12 16:46 - 2014-01-29 03:32 - 00484864 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2014-03-12 16:46 - 2014-01-29 03:06 - 00381440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll
2014-03-12 16:46 - 2014-01-28 03:32 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll
2014-03-12 16:43 - 2014-02-04 03:32 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-03-12 16:43 - 2014-02-04 03:32 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-03-12 16:43 - 2014-02-04 03:04 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-03-12 16:43 - 2014-02-04 03:04 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-02-26 14:55 - 2014-02-26 14:55 - 00913360 _____ () C:\Windows\Minidump\022614-19375-01.dmp

==================== One Month Modified Files and Folders =======

2014-03-23 22:53 - 2014-03-23 16:30 - 00016365 _____ () C:\Users\Julia Dahm\Desktop\FRST.txt
2014-03-23 22:52 - 2014-03-23 16:30 - 00000000 ____D () C:\FRST
2014-03-23 22:48 - 2014-03-23 22:48 - 00004983 _____ () C:\Users\Julia Dahm\Desktop\JRT.txt
2014-03-23 22:39 - 2014-03-23 22:39 - 01037734 _____ (Thisisu) C:\Users\Julia Dahm\Desktop\JRT.exe
2014-03-23 22:39 - 2014-03-23 22:39 - 00000000 ____D () C:\Windows\ERUNT
2014-03-23 22:23 - 2009-07-14 05:45 - 00024400 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-03-23 22:23 - 2009-07-14 05:45 - 00024400 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-03-23 22:15 - 2013-07-16 15:55 - 00000000 ____D () C:\Users\Julia Dahm\.rainlendar2
2014-03-23 22:15 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-03-23 22:14 - 2011-11-07 12:45 - 01722306 _____ () C:\Windows\WindowsUpdate.log
2014-03-23 22:14 - 2009-07-14 05:51 - 00070602 _____ () C:\Windows\setupact.log
2014-03-23 22:13 - 2014-03-23 22:10 - 00000000 ____D () C:\AdwCleaner
2014-03-23 22:10 - 2014-03-23 22:10 - 01950720 _____ () C:\Users\Julia Dahm\Desktop\adwcleaner.exe
2014-03-23 22:03 - 2012-11-11 19:14 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-03-23 22:03 - 2010-11-21 04:47 - 00944418 _____ () C:\Windows\PFRO.log
2014-03-23 19:14 - 2012-01-13 13:37 - 00000528 _____ () C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job
2014-03-23 19:14 - 2012-01-13 13:37 - 00000466 _____ () C:\Windows\Tasks\SystemToolsDailyTest.job
2014-03-23 19:12 - 2012-01-22 15:50 - 00000254 _____ () C:\Windows\Brownie.ini
2014-03-23 18:58 - 2014-03-23 18:58 - 00000000 ____D () C:\Users\Julia Dahm\AppData\Local\DoNotTrackPlus
2014-03-23 18:55 - 2014-03-23 18:55 - 00001279 _____ () C:\Users\Julia Dahm\Desktop\Revo Uninstaller.lnk
2014-03-23 18:55 - 2014-03-23 18:55 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-03-23 18:47 - 2011-11-07 21:26 - 00700118 _____ () C:\Windows\system32\perfh007.dat
2014-03-23 18:47 - 2011-11-07 21:26 - 00149968 _____ () C:\Windows\system32\perfc007.dat
2014-03-23 18:47 - 2009-07-14 06:13 - 01622228 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-03-23 16:44 - 2012-01-13 13:37 - 00003516 _____ () C:\Windows\System32\Tasks\SystemToolsDailyTest
2014-03-23 16:44 - 2012-01-13 13:37 - 00003448 _____ () C:\Windows\System32\Tasks\PCDEventLauncher
2014-03-23 16:34 - 2014-03-23 16:32 - 00045520 _____ () C:\Users\Julia Dahm\Desktop\Addition.txt
2014-03-23 16:29 - 2014-03-23 16:29 - 02157056 _____ (Farbar) C:\Users\Julia Dahm\Desktop\FRST64.exe
2014-03-23 16:15 - 2012-01-13 13:37 - 00004256 _____ () C:\Windows\System32\Tasks\PCDoctorBackgroundMonitorTask
2014-03-19 03:05 - 2013-07-19 10:57 - 00000000 ____D () C:\Windows\system32\MRT
2014-03-19 03:01 - 2012-01-13 15:30 - 90015360 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-03-18 18:02 - 2014-03-18 18:02 - 00001124 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-03-18 18:02 - 2014-03-18 18:02 - 00000000 ____D () C:\Users\Julia Dahm\AppData\Roaming\Malwarebytes
2014-03-18 18:02 - 2014-03-18 18:02 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-03-18 18:02 - 2014-03-18 18:02 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-03-18 17:47 - 2014-03-18 17:47 - 00118784 _____ () C:\Windows\system32\AutiFWWizFwk.exe
2014-03-18 17:47 - 2014-03-18 17:47 - 00012800 _____ () C:\ProgramData\dlprotect.exe
2014-03-18 17:47 - 2014-03-18 17:47 - 00000000 ____D () C:\Users\Julia Dahm\AppData\Roaming\SUPERAntiSpyware.com
2014-03-17 16:28 - 2009-07-14 05:45 - 02427096 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-03-17 16:26 - 2012-05-15 02:01 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-03-17 16:26 - 2012-05-15 02:01 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-03-17 12:20 - 2012-02-25 13:29 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-03-14 19:54 - 2011-11-07 12:50 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-03-14 19:52 - 2012-02-12 17:46 - 00000000 ____D () C:\Users\Julia Dahm\AppData\Local\CrashDumps
2014-03-12 21:42 - 2014-03-12 21:42 - 05777288 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2014-03-12 21:42 - 2012-11-11 19:14 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-03-12 21:42 - 2012-04-03 20:54 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-03-12 21:42 - 2012-04-03 20:54 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-03-12 16:30 - 2011-03-01 18:57 - 00000000 ____D () C:\Users\Julia Dahm\AppData\Roaming\vlc
2014-03-06 03:01 - 2013-02-17 09:48 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-03-06 03:01 - 2012-01-14 13:40 - 00000000 ____D () C:\ProgramData\Skype
2014-03-05 15:21 - 2011-11-07 12:56 - 01596508 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-03-01 07:05 - 2014-03-12 16:46 - 23133696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-03-01 06:17 - 2014-03-12 16:46 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-03-01 06:16 - 2014-03-12 16:46 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-03-01 05:58 - 2014-03-12 16:46 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-03-01 05:52 - 2014-03-12 16:46 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-03-01 05:51 - 2014-03-12 16:46 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-03-01 05:42 - 2014-03-12 16:46 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-03-01 05:40 - 2014-03-12 16:46 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-03-01 05:37 - 2014-03-12 16:46 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-03-01 05:33 - 2014-03-12 16:46 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-03-01 05:33 - 2014-03-12 16:46 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-03-01 05:32 - 2014-03-12 16:46 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-03-01 05:30 - 2014-03-12 16:46 - 17074688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-03-01 05:23 - 2014-03-12 16:46 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-03-01 05:17 - 2014-03-12 16:46 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-03-01 05:11 - 2014-03-12 16:46 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-03-01 05:02 - 2014-03-12 16:46 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-03-01 04:54 - 2014-03-12 16:46 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-03-01 04:52 - 2014-03-12 16:46 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-03-01 04:51 - 2014-03-12 16:46 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-03-01 04:47 - 2014-03-12 16:46 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-03-01 04:43 - 2014-03-12 16:46 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-03-01 04:43 - 2014-03-12 16:46 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-03-01 04:42 - 2014-03-12 16:46 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-03-01 04:40 - 2014-03-12 16:46 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-03-01 04:38 - 2014-03-12 16:46 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-03-01 04:37 - 2014-03-12 16:46 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-03-01 04:35 - 2014-03-12 16:46 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-03-01 04:18 - 2014-03-12 16:46 - 13051904 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-03-01 04:16 - 2014-03-12 16:46 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-03-01 04:14 - 2014-03-12 16:46 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-03-01 04:10 - 2014-03-12 16:46 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-03-01 04:03 - 2014-03-12 16:46 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-03-01 04:00 - 2014-03-12 16:46 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-03-01 03:57 - 2014-03-12 16:46 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-03-01 03:38 - 2014-03-12 16:46 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-03-01 03:32 - 2014-03-12 16:46 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-03-01 03:27 - 2014-03-12 16:46 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-03-01 03:25 - 2014-03-12 16:46 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-03-01 03:25 - 2014-03-12 16:46 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-02-26 14:55 - 2014-02-26 14:55 - 00913360 _____ () C:\Windows\Minidump\022614-19375-01.dmp
2014-02-26 14:55 - 2012-08-31 16:27 - 551312836 _____ () C:\Windows\MEMORY.DMP
2014-02-26 14:55 - 2012-08-31 16:27 - 00000000 ____D () C:\Windows\Minidump

Files to move or delete:
====================
C:\ProgramData\dlprotect.exe
C:\Users\Julia Dahm\ntuser (1).dat


Some content of TEMP:
====================
C:\Users\Julia Dahm\AppData\Local\Temp\AskSLib.dll
C:\Users\Julia Dahm\AppData\Local\Temp\avgnt.exe
C:\Users\Julia Dahm\AppData\Local\Temp\conduitinstaller.exe
C:\Users\Julia Dahm\AppData\Local\Temp\contentDATs.exe
C:\Users\Julia Dahm\AppData\Local\Temp\ffunzip.exe
C:\Users\Julia Dahm\AppData\Local\Temp\finvap.exe
C:\Users\Julia Dahm\AppData\Local\Temp\firefoxjre_exe-1.exe
C:\Users\Julia Dahm\AppData\Local\Temp\firefoxjre_exe.exe
C:\Users\Julia Dahm\AppData\Local\Temp\FP_PL_PFS_INSTALLER_32bit-1.exe
C:\Users\Julia Dahm\AppData\Local\Temp\FP_PL_PFS_INSTALLER_32bit.exe
C:\Users\Julia Dahm\AppData\Local\Temp\jre-6u15-windows-i586-iftw.exe
C:\Users\Julia Dahm\AppData\Local\Temp\jre-6u23-windows-i586-iftw-rv.exe
C:\Users\Julia Dahm\AppData\Local\Temp\jre-6u24-windows-i586-iftw-rv.exe
C:\Users\Julia Dahm\AppData\Local\Temp\jre-6u30-windows-i586-iftw-rv.exe
C:\Users\Julia Dahm\AppData\Local\Temp\jre-7u11-windows-i586-iftw.exe
C:\Users\Julia Dahm\AppData\Local\Temp\jre-7u13-windows-i586-iftw.exe
C:\Users\Julia Dahm\AppData\Local\Temp\jre-7u21-windows-i586-iftw.exe
C:\Users\Julia Dahm\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
C:\Users\Julia Dahm\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe
C:\Users\Julia Dahm\AppData\Local\Temp\jre-7u7-windows-i586-iftw.exe
C:\Users\Julia Dahm\AppData\Local\Temp\jre-7u9-windows-i586-iftw.exe
C:\Users\Julia Dahm\AppData\Local\Temp\Quarantine.exe
C:\Users\Julia Dahm\AppData\Local\Temp\SecurityScan_Release.exe
C:\Users\Julia Dahm\AppData\Local\Temp\SkypeSetup (1).exe
C:\Users\Julia Dahm\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Julia Dahm\AppData\Local\Temp\vlc-2.0.5-win32.exe
C:\Users\Julia Dahm\AppData\Local\Temp\vlc-2.0.6-win32.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-03-10 17:03

==================== End Of Log ============================
--- --- ---

--- --- ---

--- --- ---

Das Problem wurde leider nicht behoben!

schrauber 24.03.2014 12:48

ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset


Downloade Dir bitte SecurityCheck und:

  • Speichere es auf dem Desktop.
  • Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
  • Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.
Poste den Inhalt bitte hier.

und ein frisches FRST log bitte. Noch Probleme? :)

jumarci 25.03.2014 21:40
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=c6efdccd006e544e9b3c2743195efd1a
# engine=17612
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-03-25 08:26:04
# local_time=2014-03-25 09:26:04 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1799 16775165 100 96 11647 166450469 4400 0
# compatibility_mode=5893 16776573 100 94 171364 147409014 0 0
# compatibility_mode=9217 16777214 75 4 11427088 11427088 0 0
# scanned=179154
# found=0
# cleaned=0
# scan_time=7245

Results of screen317's Security Check version 0.99.80
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
Avira Desktop
Antivirus up to date! (On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware Version 1.75.0.1300
JavaFX 2.1.1
Java 7 Update 45
Java(TM) 6 Update 5
Java version out of Date!
Adobe Flash Player 12.0.0.77
Adobe Reader 10.1.9 Adobe Reader out of Date!
Mozilla Firefox (27.0.1)
Mozilla Thunderbird (24.3.0)
````````Process Check: objlist.exe by Laurent````````
Avira Antivir avgnt.exe
Avira Antivir avguard.exe
CheckPoint ZoneAlarm ZAPrivacyService.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:
````````````````````End of Log``````````````````````


FRST Logfile:

FRST Logfile:

FRST Logfile:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014
Ran by Julia Dahm (administrator) on JULIADAHM-THINK on 25-03-2014 21:35:21
Running from C:\Users\Julia Dahm\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: Downloading Farbar Recovery Scan Tool
Download link for 64-Bit Version: Downloading Farbar Recovery Scan Tool
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials

==================== Processes (Whitelisted) =================

(Lenovo.) C:\Windows\system32\ibmpmsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Lenovo Group Limited) C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe
(Lenovo Group Limited) C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
(Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe
(Conexant Systems Inc.) C:\Windows\system32\CxAudMsg64.exe
(Garmin Ltd or its subsidiaries) C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\CAMMUTE.exe
(Lenovo Group Limited) C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
(Lenovo Group Limited) C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe
(Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
(Conexant Systems, Inc.) C:\Windows\SysWOW64\SAsrv.exe
(Ulead Systems, Inc.) C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
() C:\Windows\system32\AutiFWWizFwk.exe
(Check Point Software Technologies, Ltd.) C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZAPrivacyService.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Lenovo.) C:\Windows\System32\TpShocks.exe
() C:\Program Files\CONEXANT\ForteConfig\fmapp.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\AutoLock\ALCKRESI.exe
(Garmin Ltd or its subsidiaries) C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe
() C:\Program Files (x86)\Rainlendar2\Rainlendar2.exe
(Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
(Ricoh co.,Ltd.) C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe
(Apple Computer, Inc.) C:\Program Files (x86)\QuickTime\qttask.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
() C:\ProgramData\dlprotect.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tpnumlkd.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tpnumlk.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\virtscrl.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\mkrmsg.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
(Lenovo Group Limited) C:\Program Files (x86)\ThinkPad\Utilities\SCHTASK.EXE
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\BtStackServer.exe
(brother) C:\Program Files (x86)\Brownie\brstsw64.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Corporation) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Lenovo Group Limited) C:\Program Files (x86)\Lenovo\System Update\SUService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
() C:\Program Files (x86)\LENOVO\Message Center Plus\MCPLaunch.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE
(Microsoft Corporation) C:\Windows\splwow64.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Intel Corporation) C:\Windows\system32\igfxsrvc.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2789160 2011-05-19] (Synaptics Incorporated)
HKLM\...\Run: [TpShocks] - C:\Windows\system32\TpShocks.exe [380776 2011-03-29] (Lenovo.)
HKLM\...\Run: [SmartAudio] - C:\Program Files\CONEXANT\SAII\SAIICpl.exe [310912 2011-04-26] (Conexant Systems, Inc.)
HKLM\...\Run: [ForteConfig] - C:\Program Files\Conexant\ForteConfig\fmapp.exe [49056 2010-10-26] ()
HKLM\...\Run: [LENOVO.TPKNRRES] - C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe [40808 2011-05-31] (Lenovo Group Limited)
HKLM\...\Run: [ALCKRESI.EXE] - C:\Program Files\Lenovo\AutoLock\ALCKRESI.EXE [281960 2011-05-25] (Lenovo Group Limited)
HKLM-x32\...\Run: [RotateImage] - C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe [55808 2008-10-30] (Ricoh co.,Ltd.)
HKLM-x32\...\Run: [PWMTRV] - rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor
HKLM-x32\...\Run: [Lenovo Registration] - C:\Program Files (x86)\Lenovo Registration\LenovoReg.exe [4351712 2011-07-13] (Lenovo, Inc.)
HKLM-x32\...\Run: [ZoneAlarm] - C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe [73832 2013-10-25] (Check Point Software Technologies LTD)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [BCSSync] - C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [Brdefprn] - C:\Program Files (x86)\Brother\BRHL2035\Brdefprn.exe -d
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\qttask.exe [282624 2007-02-16] (Apple Computer, Inc.)
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [689744 2014-02-20] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [Download Protect] - C:\ProgramData\dlprotect.exe [12800 2014-03-18] ()
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3756853789-1326843327-1198811885-1000\...\Run: [LTT] - C:\Program Files\PC-Doctor\EnableToolbarW32.exe [23120 2011-06-27] (PC-Doctor, Inc.)
HKU\S-1-5-21-3756853789-1326843327-1198811885-1000\...\Run: [GarminExpressTrayApp] - C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1098072 2013-03-27] (Garmin Ltd or its subsidiaries)
HKU\S-1-5-21-3756853789-1326843327-1198811885-1000\...\Run: [Rainlendar2] - C:\Program Files (x86)\Rainlendar2\Rainlendar2.exe [2598496 2013-03-10] ()
HKU\S-1-5-21-3756853789-1326843327-1198811885-1000\...\MountPoints2: {3bc18afa-9372-11e1-a406-3859f9e8a15c} - E:\preinst.exe
HKU\S-1-5-21-3756853789-1326843327-1198811885-1000\...\MountPoints2: {716d6ef5-8e46-11e2-8902-402cf47b3902} - E:\LaunchU3.exe -a
HKU\S-1-5-21-3756853789-1326843327-1198811885-1000\...\MountPoints2: {80b3a8c6-0935-11e1-baf7-806e6f6e6963} - Q:\LenovoQDrive.exe

==================== Internet (Whitelisted) ====================

ProxyServer: 192.168.0.1:80
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN Deutschland: Aktuelle Nachrichten, Outlook.com Email und Skype Login.
HKCU\Software\Microsoft\Internet Explorer\Main,Prev Search Page = Sign In
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Sign In
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.zonealarm.com/?src=hp&tbid=goughGA&Lan=de&gu=b8ea6d630ba940d2bedce84838c11688&tu=10GXy00Az1C01g0&sku=&tstsId=&ver=&
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7LENP_deDE466
BHO: addplushd - {11111111-1111-1111-1111-110511291116} - C:\Program Files (x86)\addplushd\addplushd-bho64.dll No File
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Zonealarm Helper Object - {2A841F7A-A014-4DA5-B6D9-8B913DFB7A8C} - C:\Program Files (x86)\Check Point Software Technologies LTD\zonealarm\1.8.22.0\bh\zonealarm.dll (Check Point Software Technologies LTD)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM-x32 - ZoneAlarm Security Toolbar - {438FAE3E-BDEF-44D3-AB8B-0C7C8350DF59} - C:\Program Files (x86)\Check Point Software Technologies LTD\zonealarm\1.8.22.0\zonealarmTlbr.dll (Check Point Software Technologies LTD)
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKCU - No Name - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} -  No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\Julia Dahm\AppData\Roaming\Mozilla\Firefox\Profiles\56uvgdlt.default
FF DefaultSearchEngine: Google
FF SelectedSearchEngine: Google
FF Homepage: about:home
FF NetworkProxy: "type", 4
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_77.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Download Protect - C:\Program Files (x86)\Mozilla Firefox\extensions\{B354EECC-8681-47E3-BAB1-4533D10C0274} [2014-03-25]
FF HKLM-x32\...\Firefox\Extensions: [{FFB96CC1-7EB3-449D-B827-DB661701C6BB}] - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker
FF HKLM-x32\...\Firefox\Extensions: [{B354EECC-8681-47E3-BAB1-4533D10C0274}] - C:\Program Files (x86)\Mozilla Firefox\extensions\{B354EECC-8681-47E3-BAB1-4533D10C0274}
FF Extension: Download Protect - C:\Program Files (x86)\Mozilla Firefox\extensions\{B354EECC-8681-47E3-BAB1-4533D10C0274} [2014-03-25]

==================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440400 2014-02-20] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440400 2014-02-20] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [1017424 2014-02-20] (Avira Operations GmbH & Co. KG)
R2 Garmin Core Update Service; C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [185688 2013-03-27] (Garmin Ltd or its subsidiaries)
R2 Lenovo.VIRTSCRLSVC; C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe [133992 2011-07-12] (Lenovo Group Limited)
S2 vsmon; C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe [2445816 2013-10-25] (Check Point Software Technologies LTD)
R2 wscriptd; C:\Windows\system32\AutiFWWizFwk.exe [118784 2014-03-18] ()
R2 ZAPrivacyService; C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZAPrivacyService.exe [50704 2013-10-15] (Check Point Software Technologies, Ltd.)

==================== Drivers (Whitelisted) ====================

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2013-12-18] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131576 2013-12-18] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-11-27] (Avira Operations GmbH & Co. KG)
R1 Vsdatant; C:\Windows\System32\DRIVERS\vsdatant.sys [454168 2013-10-23] (Check Point Software Technologies LTD)
U2 wuaserv;

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-03-25 21:31 - 2014-03-25 21:31 - 00987442 _____ () C:\Users\Julia Dahm\Desktop\SecurityCheck.exe
2014-03-25 19:21 - 2014-03-25 19:21 - 02347384 _____ (ESET) C:\Users\Julia Dahm\Desktop\esetsmartinstaller_enu.exe
2014-03-23 22:48 - 2014-03-23 22:48 - 00004983 _____ () C:\Users\Julia Dahm\Desktop\JRT.txt
2014-03-23 22:39 - 2014-03-23 22:39 - 01037734 _____ (Thisisu) C:\Users\Julia Dahm\Desktop\JRT.exe
2014-03-23 22:39 - 2014-03-23 22:39 - 00000000 ____D () C:\Windows\ERUNT
2014-03-23 22:10 - 2014-03-23 22:13 - 00000000 ____D () C:\AdwCleaner
2014-03-23 22:10 - 2014-03-23 22:10 - 01950720 _____ () C:\Users\Julia Dahm\Desktop\adwcleaner.exe
2014-03-23 18:58 - 2014-03-23 18:58 - 00000000 ____D () C:\Users\Julia Dahm\AppData\Local\DoNotTrackPlus
2014-03-23 18:55 - 2014-03-23 18:55 - 00001279 _____ () C:\Users\Julia Dahm\Desktop\Revo Uninstaller.lnk
2014-03-23 18:55 - 2014-03-23 18:55 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-03-23 16:32 - 2014-03-23 16:34 - 00045520 _____ () C:\Users\Julia Dahm\Desktop\Addition.txt
2014-03-23 16:30 - 2014-03-25 21:35 - 00016730 _____ () C:\Users\Julia Dahm\Desktop\FRST.txt
2014-03-23 16:30 - 2014-03-25 21:35 - 00000000 ____D () C:\FRST
2014-03-23 16:29 - 2014-03-23 16:29 - 02157056 _____ (Farbar) C:\Users\Julia Dahm\Desktop\FRST64.exe
2014-03-18 18:02 - 2014-03-18 18:02 - 00001124 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-03-18 18:02 - 2014-03-18 18:02 - 00000000 ____D () C:\Users\Julia Dahm\AppData\Roaming\Malwarebytes
2014-03-18 18:02 - 2014-03-18 18:02 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-03-18 18:02 - 2014-03-18 18:02 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-03-18 18:02 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-03-18 17:47 - 2014-03-18 17:47 - 00118784 _____ () C:\Windows\system32\AutiFWWizFwk.exe
2014-03-18 17:47 - 2014-03-18 17:47 - 00012800 _____ () C:\ProgramData\dlprotect.exe
2014-03-18 17:47 - 2014-03-18 17:47 - 00000000 ____D () C:\Users\Julia Dahm\AppData\Roaming\SUPERAntiSpyware.com
2014-03-12 21:42 - 2014-03-12 21:42 - 05777288 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2014-03-12 16:46 - 2014-03-01 07:05 - 23133696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-03-12 16:46 - 2014-03-01 06:17 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-03-12 16:46 - 2014-03-01 06:16 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-03-12 16:46 - 2014-03-01 05:58 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-03-12 16:46 - 2014-03-01 05:52 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-03-12 16:46 - 2014-03-01 05:51 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-03-12 16:46 - 2014-03-01 05:42 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-03-12 16:46 - 2014-03-01 05:40 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-03-12 16:46 - 2014-03-01 05:37 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-03-12 16:46 - 2014-03-01 05:33 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-03-12 16:46 - 2014-03-01 05:33 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-03-12 16:46 - 2014-03-01 05:32 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-03-12 16:46 - 2014-03-01 05:30 - 17074688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-03-12 16:46 - 2014-03-01 05:23 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-03-12 16:46 - 2014-03-01 05:17 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-03-12 16:46 - 2014-03-01 05:11 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-03-12 16:46 - 2014-03-01 05:02 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-03-12 16:46 - 2014-03-01 04:54 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-03-12 16:46 - 2014-03-01 04:52 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-03-12 16:46 - 2014-03-01 04:51 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-03-12 16:46 - 2014-03-01 04:47 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-03-12 16:46 - 2014-03-01 04:43 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-03-12 16:46 - 2014-03-01 04:43 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-03-12 16:46 - 2014-03-01 04:42 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-03-12 16:46 - 2014-03-01 04:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-03-12 16:46 - 2014-03-01 04:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-03-12 16:46 - 2014-03-01 04:37 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-03-12 16:46 - 2014-03-01 04:35 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-03-12 16:46 - 2014-03-01 04:18 - 13051904 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-03-12 16:46 - 2014-03-01 04:16 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-03-12 16:46 - 2014-03-01 04:14 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-03-12 16:46 - 2014-03-01 04:10 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-03-12 16:46 - 2014-03-01 04:03 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-03-12 16:46 - 2014-03-01 04:00 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-03-12 16:46 - 2014-03-01 03:57 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-03-12 16:46 - 2014-03-01 03:38 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-03-12 16:46 - 2014-03-01 03:32 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-03-12 16:46 - 2014-03-01 03:27 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-03-12 16:46 - 2014-03-01 03:25 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-03-12 16:46 - 2014-03-01 03:25 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-03-12 16:46 - 2014-02-07 02:23 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-03-12 16:46 - 2014-01-29 03:32 - 00484864 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2014-03-12 16:46 - 2014-01-29 03:06 - 00381440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll
2014-03-12 16:46 - 2014-01-28 03:32 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll
2014-03-12 16:43 - 2014-02-04 03:32 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-03-12 16:43 - 2014-02-04 03:32 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-03-12 16:43 - 2014-02-04 03:04 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-03-12 16:43 - 2014-02-04 03:04 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-02-26 14:55 - 2014-02-26 14:55 - 00913360 _____ () C:\Windows\Minidump\022614-19375-01.dmp

==================== One Month Modified Files and Folders =======

2014-03-25 21:35 - 2014-03-23 16:30 - 00016730 _____ () C:\Users\Julia Dahm\Desktop\FRST.txt
2014-03-25 21:35 - 2014-03-23 16:30 - 00000000 ____D () C:\FRST
2014-03-25 21:31 - 2014-03-25 21:31 - 00987442 _____ () C:\Users\Julia Dahm\Desktop\SecurityCheck.exe
2014-03-25 21:03 - 2012-11-11 19:14 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-03-25 20:36 - 2011-11-07 12:45 - 01763890 _____ () C:\Windows\WindowsUpdate.log
2014-03-25 19:23 - 2014-02-14 17:40 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-03-25 19:21 - 2014-03-25 19:21 - 02347384 _____ (ESET) C:\Users\Julia Dahm\Desktop\esetsmartinstaller_enu.exe
2014-03-25 19:12 - 2012-01-13 13:37 - 00003516 _____ () C:\Windows\System32\Tasks\SystemToolsDailyTest
2014-03-25 19:12 - 2012-01-13 13:37 - 00003448 _____ () C:\Windows\System32\Tasks\PCDEventLauncher
2014-03-25 19:12 - 2012-01-13 13:37 - 00000466 _____ () C:\Windows\Tasks\SystemToolsDailyTest.job
2014-03-25 19:11 - 2012-01-22 15:50 - 00000281 _____ () C:\Windows\Brownie.ini
2014-03-23 23:09 - 2009-07-14 05:45 - 00024400 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-03-23 23:09 - 2009-07-14 05:45 - 00024400 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-03-23 23:04 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-03-23 23:03 - 2009-07-14 06:08 - 00032616 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-03-23 23:02 - 2013-07-16 15:55 - 00000000 ____D () C:\Users\Julia Dahm\.rainlendar2
2014-03-23 23:00 - 2009-07-14 05:51 - 00070658 _____ () C:\Windows\setupact.log
2014-03-23 22:48 - 2014-03-23 22:48 - 00004983 _____ () C:\Users\Julia Dahm\Desktop\JRT.txt
2014-03-23 22:39 - 2014-03-23 22:39 - 01037734 _____ (Thisisu) C:\Users\Julia Dahm\Desktop\JRT.exe
2014-03-23 22:39 - 2014-03-23 22:39 - 00000000 ____D () C:\Windows\ERUNT
2014-03-23 22:13 - 2014-03-23 22:10 - 00000000 ____D () C:\AdwCleaner
2014-03-23 22:13 - 2010-07-02 15:30 - 00000000 ____D () C:\Users\Julia Dahm\AppData\Roaming\CheckPoint
2014-03-23 22:10 - 2014-03-23 22:10 - 01950720 _____ () C:\Users\Julia Dahm\Desktop\adwcleaner.exe
2014-03-23 22:03 - 2010-11-21 04:47 - 00944418 _____ () C:\Windows\PFRO.log
2014-03-23 19:14 - 2012-01-13 13:37 - 00000528 _____ () C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job
2014-03-23 18:58 - 2014-03-23 18:58 - 00000000 ____D () C:\Users\Julia Dahm\AppData\Local\DoNotTrackPlus
2014-03-23 18:55 - 2014-03-23 18:55 - 00001279 _____ () C:\Users\Julia Dahm\Desktop\Revo Uninstaller.lnk
2014-03-23 18:55 - 2014-03-23 18:55 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-03-23 18:47 - 2011-11-07 21:26 - 00700118 _____ () C:\Windows\system32\perfh007.dat
2014-03-23 18:47 - 2011-11-07 21:26 - 00149968 _____ () C:\Windows\system32\perfc007.dat
2014-03-23 18:47 - 2009-07-14 06:13 - 01622228 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-03-23 16:34 - 2014-03-23 16:32 - 00045520 _____ () C:\Users\Julia Dahm\Desktop\Addition.txt
2014-03-23 16:29 - 2014-03-23 16:29 - 02157056 _____ (Farbar) C:\Users\Julia Dahm\Desktop\FRST64.exe
2014-03-23 16:15 - 2012-01-13 13:37 - 00004256 _____ () C:\Windows\System32\Tasks\PCDoctorBackgroundMonitorTask
2014-03-19 03:05 - 2013-07-19 10:57 - 00000000 ____D () C:\Windows\system32\MRT
2014-03-19 03:01 - 2012-01-13 15:30 - 90015360 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-03-18 18:02 - 2014-03-18 18:02 - 00001124 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-03-18 18:02 - 2014-03-18 18:02 - 00000000 ____D () C:\Users\Julia Dahm\AppData\Roaming\Malwarebytes
2014-03-18 18:02 - 2014-03-18 18:02 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-03-18 18:02 - 2014-03-18 18:02 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-03-18 17:47 - 2014-03-18 17:47 - 00118784 _____ () C:\Windows\system32\AutiFWWizFwk.exe
2014-03-18 17:47 - 2014-03-18 17:47 - 00012800 _____ () C:\ProgramData\dlprotect.exe
2014-03-18 17:47 - 2014-03-18 17:47 - 00000000 ____D () C:\Users\Julia Dahm\AppData\Roaming\SUPERAntiSpyware.com
2014-03-17 16:28 - 2009-07-14 05:45 - 02427096 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-03-17 16:26 - 2012-05-15 02:01 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-03-17 16:26 - 2012-05-15 02:01 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-03-17 12:20 - 2012-02-25 13:29 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-03-14 19:54 - 2011-11-07 12:50 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-03-14 19:52 - 2012-02-12 17:46 - 00000000 ____D () C:\Users\Julia Dahm\AppData\Local\CrashDumps
2014-03-12 21:42 - 2014-03-12 21:42 - 05777288 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2014-03-12 21:42 - 2012-11-11 19:14 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-03-12 21:42 - 2012-04-03 20:54 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-03-12 21:42 - 2012-04-03 20:54 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-03-12 16:30 - 2011-03-01 18:57 - 00000000 ____D () C:\Users\Julia Dahm\AppData\Roaming\vlc
2014-03-06 03:01 - 2013-02-17 09:48 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-03-06 03:01 - 2012-01-14 13:40 - 00000000 ____D () C:\ProgramData\Skype
2014-03-05 15:21 - 2011-11-07 12:56 - 01596508 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-03-01 07:05 - 2014-03-12 16:46 - 23133696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-03-01 06:17 - 2014-03-12 16:46 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-03-01 06:16 - 2014-03-12 16:46 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-03-01 05:58 - 2014-03-12 16:46 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-03-01 05:52 - 2014-03-12 16:46 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-03-01 05:51 - 2014-03-12 16:46 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-03-01 05:42 - 2014-03-12 16:46 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-03-01 05:40 - 2014-03-12 16:46 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-03-01 05:37 - 2014-03-12 16:46 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-03-01 05:33 - 2014-03-12 16:46 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-03-01 05:33 - 2014-03-12 16:46 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-03-01 05:32 - 2014-03-12 16:46 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-03-01 05:30 - 2014-03-12 16:46 - 17074688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-03-01 05:23 - 2014-03-12 16:46 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-03-01 05:17 - 2014-03-12 16:46 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-03-01 05:11 - 2014-03-12 16:46 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-03-01 05:02 - 2014-03-12 16:46 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-03-01 04:54 - 2014-03-12 16:46 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-03-01 04:52 - 2014-03-12 16:46 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-03-01 04:51 - 2014-03-12 16:46 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-03-01 04:47 - 2014-03-12 16:46 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-03-01 04:43 - 2014-03-12 16:46 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-03-01 04:43 - 2014-03-12 16:46 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-03-01 04:42 - 2014-03-12 16:46 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-03-01 04:40 - 2014-03-12 16:46 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-03-01 04:38 - 2014-03-12 16:46 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-03-01 04:37 - 2014-03-12 16:46 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-03-01 04:35 - 2014-03-12 16:46 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-03-01 04:18 - 2014-03-12 16:46 - 13051904 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-03-01 04:16 - 2014-03-12 16:46 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-03-01 04:14 - 2014-03-12 16:46 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-03-01 04:10 - 2014-03-12 16:46 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-03-01 04:03 - 2014-03-12 16:46 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-03-01 04:00 - 2014-03-12 16:46 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-03-01 03:57 - 2014-03-12 16:46 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-03-01 03:38 - 2014-03-12 16:46 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-03-01 03:32 - 2014-03-12 16:46 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-03-01 03:27 - 2014-03-12 16:46 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-03-01 03:25 - 2014-03-12 16:46 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-03-01 03:25 - 2014-03-12 16:46 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-02-26 14:55 - 2014-02-26 14:55 - 00913360 _____ () C:\Windows\Minidump\022614-19375-01.dmp
2014-02-26 14:55 - 2012-08-31 16:27 - 551312836 _____ () C:\Windows\MEMORY.DMP
2014-02-26 14:55 - 2012-08-31 16:27 - 00000000 ____D () C:\Windows\Minidump

Files to move or delete:
====================
C:\ProgramData\dlprotect.exe
C:\Users\Julia Dahm\ntuser (1).dat


Some content of TEMP:
====================
C:\Users\Julia Dahm\AppData\Local\Temp\AskSLib.dll
C:\Users\Julia Dahm\AppData\Local\Temp\avgnt.exe
C:\Users\Julia Dahm\AppData\Local\Temp\conduitinstaller.exe
C:\Users\Julia Dahm\AppData\Local\Temp\contentDATs.exe
C:\Users\Julia Dahm\AppData\Local\Temp\ffunzip.exe
C:\Users\Julia Dahm\AppData\Local\Temp\finvap.exe
C:\Users\Julia Dahm\AppData\Local\Temp\firefoxjre_exe-1.exe
C:\Users\Julia Dahm\AppData\Local\Temp\firefoxjre_exe.exe
C:\Users\Julia Dahm\AppData\Local\Temp\FP_PL_PFS_INSTALLER_32bit-1.exe
C:\Users\Julia Dahm\AppData\Local\Temp\FP_PL_PFS_INSTALLER_32bit.exe
C:\Users\Julia Dahm\AppData\Local\Temp\jre-6u15-windows-i586-iftw.exe
C:\Users\Julia Dahm\AppData\Local\Temp\jre-6u23-windows-i586-iftw-rv.exe
C:\Users\Julia Dahm\AppData\Local\Temp\jre-6u24-windows-i586-iftw-rv.exe
C:\Users\Julia Dahm\AppData\Local\Temp\jre-6u30-windows-i586-iftw-rv.exe
C:\Users\Julia Dahm\AppData\Local\Temp\jre-7u11-windows-i586-iftw.exe
C:\Users\Julia Dahm\AppData\Local\Temp\jre-7u13-windows-i586-iftw.exe
C:\Users\Julia Dahm\AppData\Local\Temp\jre-7u21-windows-i586-iftw.exe
C:\Users\Julia Dahm\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
C:\Users\Julia Dahm\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe
C:\Users\Julia Dahm\AppData\Local\Temp\jre-7u7-windows-i586-iftw.exe
C:\Users\Julia Dahm\AppData\Local\Temp\jre-7u9-windows-i586-iftw.exe
C:\Users\Julia Dahm\AppData\Local\Temp\Quarantine.exe
C:\Users\Julia Dahm\AppData\Local\Temp\SecurityScan_Release.exe
C:\Users\Julia Dahm\AppData\Local\Temp\SkypeSetup (1).exe
C:\Users\Julia Dahm\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Julia Dahm\AppData\Local\Temp\vlc-2.0.5-win32.exe
C:\Users\Julia Dahm\AppData\Local\Temp\vlc-2.0.6-win32.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-03-10 17:03

==================== End Of Log ============================
--- --- ---

--- --- ---

--- --- ---

--- --- ---


FRST Logfile:

FRST Logfile:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014
Ran by Julia Dahm (administrator) on JULIADAHM-THINK on 25-03-2014 21:35:21
Running from C:\Users\Julia Dahm\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: Downloading Farbar Recovery Scan Tool
Download link for 64-Bit Version: Downloading Farbar Recovery Scan Tool
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials

==================== Processes (Whitelisted) =================

(Lenovo.) C:\Windows\system32\ibmpmsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Lenovo Group Limited) C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe
(Lenovo Group Limited) C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
(Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe
(Conexant Systems Inc.) C:\Windows\system32\CxAudMsg64.exe
(Garmin Ltd or its subsidiaries) C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\CAMMUTE.exe
(Lenovo Group Limited) C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
(Lenovo Group Limited) C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe
(Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
(Conexant Systems, Inc.) C:\Windows\SysWOW64\SAsrv.exe
(Ulead Systems, Inc.) C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
() C:\Windows\system32\AutiFWWizFwk.exe
(Check Point Software Technologies, Ltd.) C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZAPrivacyService.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Lenovo.) C:\Windows\System32\TpShocks.exe
() C:\Program Files\CONEXANT\ForteConfig\fmapp.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\AutoLock\ALCKRESI.exe
(Garmin Ltd or its subsidiaries) C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe
() C:\Program Files (x86)\Rainlendar2\Rainlendar2.exe
(Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
(Ricoh co.,Ltd.) C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe
(Apple Computer, Inc.) C:\Program Files (x86)\QuickTime\qttask.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
() C:\ProgramData\dlprotect.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tpnumlkd.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tpnumlk.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\virtscrl.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\mkrmsg.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
(Lenovo Group Limited) C:\Program Files (x86)\ThinkPad\Utilities\SCHTASK.EXE
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\BtStackServer.exe
(brother) C:\Program Files (x86)\Brownie\brstsw64.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Corporation) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Lenovo Group Limited) C:\Program Files (x86)\Lenovo\System Update\SUService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
() C:\Program Files (x86)\LENOVO\Message Center Plus\MCPLaunch.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE
(Microsoft Corporation) C:\Windows\splwow64.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Intel Corporation) C:\Windows\system32\igfxsrvc.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2789160 2011-05-19] (Synaptics Incorporated)
HKLM\...\Run: [TpShocks] - C:\Windows\system32\TpShocks.exe [380776 2011-03-29] (Lenovo.)
HKLM\...\Run: [SmartAudio] - C:\Program Files\CONEXANT\SAII\SAIICpl.exe [310912 2011-04-26] (Conexant Systems, Inc.)
HKLM\...\Run: [ForteConfig] - C:\Program Files\Conexant\ForteConfig\fmapp.exe [49056 2010-10-26] ()
HKLM\...\Run: [LENOVO.TPKNRRES] - C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe [40808 2011-05-31] (Lenovo Group Limited)
HKLM\...\Run: [ALCKRESI.EXE] - C:\Program Files\Lenovo\AutoLock\ALCKRESI.EXE [281960 2011-05-25] (Lenovo Group Limited)
HKLM-x32\...\Run: [RotateImage] - C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe [55808 2008-10-30] (Ricoh co.,Ltd.)
HKLM-x32\...\Run: [PWMTRV] - rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor
HKLM-x32\...\Run: [Lenovo Registration] - C:\Program Files (x86)\Lenovo Registration\LenovoReg.exe [4351712 2011-07-13] (Lenovo, Inc.)
HKLM-x32\...\Run: [ZoneAlarm] - C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe [73832 2013-10-25] (Check Point Software Technologies LTD)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [BCSSync] - C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [Brdefprn] - C:\Program Files (x86)\Brother\BRHL2035\Brdefprn.exe -d
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\qttask.exe [282624 2007-02-16] (Apple Computer, Inc.)
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [689744 2014-02-20] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [Download Protect] - C:\ProgramData\dlprotect.exe [12800 2014-03-18] ()
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3756853789-1326843327-1198811885-1000\...\Run: [LTT] - C:\Program Files\PC-Doctor\EnableToolbarW32.exe [23120 2011-06-27] (PC-Doctor, Inc.)
HKU\S-1-5-21-3756853789-1326843327-1198811885-1000\...\Run: [GarminExpressTrayApp] - C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1098072 2013-03-27] (Garmin Ltd or its subsidiaries)
HKU\S-1-5-21-3756853789-1326843327-1198811885-1000\...\Run: [Rainlendar2] - C:\Program Files (x86)\Rainlendar2\Rainlendar2.exe [2598496 2013-03-10] ()
HKU\S-1-5-21-3756853789-1326843327-1198811885-1000\...\MountPoints2: {3bc18afa-9372-11e1-a406-3859f9e8a15c} - E:\preinst.exe
HKU\S-1-5-21-3756853789-1326843327-1198811885-1000\...\MountPoints2: {716d6ef5-8e46-11e2-8902-402cf47b3902} - E:\LaunchU3.exe -a
HKU\S-1-5-21-3756853789-1326843327-1198811885-1000\...\MountPoints2: {80b3a8c6-0935-11e1-baf7-806e6f6e6963} - Q:\LenovoQDrive.exe

==================== Internet (Whitelisted) ====================

ProxyServer: 192.168.0.1:80
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN Deutschland: Aktuelle Nachrichten, Outlook.com Email und Skype Login.
HKCU\Software\Microsoft\Internet Explorer\Main,Prev Search Page = Sign In
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Sign In
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.zonealarm.com/?src=hp&tbid=goughGA&Lan=de&gu=b8ea6d630ba940d2bedce84838c11688&tu=10GXy00Az1C01g0&sku=&tstsId=&ver=&
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7LENP_deDE466
BHO: addplushd - {11111111-1111-1111-1111-110511291116} - C:\Program Files (x86)\addplushd\addplushd-bho64.dll No File
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Zonealarm Helper Object - {2A841F7A-A014-4DA5-B6D9-8B913DFB7A8C} - C:\Program Files (x86)\Check Point Software Technologies LTD\zonealarm\1.8.22.0\bh\zonealarm.dll (Check Point Software Technologies LTD)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM-x32 - ZoneAlarm Security Toolbar - {438FAE3E-BDEF-44D3-AB8B-0C7C8350DF59} - C:\Program Files (x86)\Check Point Software Technologies LTD\zonealarm\1.8.22.0\zonealarmTlbr.dll (Check Point Software Technologies LTD)
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKCU - No Name - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} -  No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\Julia Dahm\AppData\Roaming\Mozilla\Firefox\Profiles\56uvgdlt.default
FF DefaultSearchEngine: Google
FF SelectedSearchEngine: Google
FF Homepage: about:home
FF NetworkProxy: "type", 4
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_77.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Download Protect - C:\Program Files (x86)\Mozilla Firefox\extensions\{B354EECC-8681-47E3-BAB1-4533D10C0274} [2014-03-25]
FF HKLM-x32\...\Firefox\Extensions: [{FFB96CC1-7EB3-449D-B827-DB661701C6BB}] - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker
FF HKLM-x32\...\Firefox\Extensions: [{B354EECC-8681-47E3-BAB1-4533D10C0274}] - C:\Program Files (x86)\Mozilla Firefox\extensions\{B354EECC-8681-47E3-BAB1-4533D10C0274}
FF Extension: Download Protect - C:\Program Files (x86)\Mozilla Firefox\extensions\{B354EECC-8681-47E3-BAB1-4533D10C0274} [2014-03-25]

==================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440400 2014-02-20] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440400 2014-02-20] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [1017424 2014-02-20] (Avira Operations GmbH & Co. KG)
R2 Garmin Core Update Service; C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [185688 2013-03-27] (Garmin Ltd or its subsidiaries)
R2 Lenovo.VIRTSCRLSVC; C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe [133992 2011-07-12] (Lenovo Group Limited)
S2 vsmon; C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe [2445816 2013-10-25] (Check Point Software Technologies LTD)
R2 wscriptd; C:\Windows\system32\AutiFWWizFwk.exe [118784 2014-03-18] ()
R2 ZAPrivacyService; C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZAPrivacyService.exe [50704 2013-10-15] (Check Point Software Technologies, Ltd.)

==================== Drivers (Whitelisted) ====================

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2013-12-18] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131576 2013-12-18] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-11-27] (Avira Operations GmbH & Co. KG)
R1 Vsdatant; C:\Windows\System32\DRIVERS\vsdatant.sys [454168 2013-10-23] (Check Point Software Technologies LTD)
U2 wuaserv;

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-03-25 21:31 - 2014-03-25 21:31 - 00987442 _____ () C:\Users\Julia Dahm\Desktop\SecurityCheck.exe
2014-03-25 19:21 - 2014-03-25 19:21 - 02347384 _____ (ESET) C:\Users\Julia Dahm\Desktop\esetsmartinstaller_enu.exe
2014-03-23 22:48 - 2014-03-23 22:48 - 00004983 _____ () C:\Users\Julia Dahm\Desktop\JRT.txt
2014-03-23 22:39 - 2014-03-23 22:39 - 01037734 _____ (Thisisu) C:\Users\Julia Dahm\Desktop\JRT.exe
2014-03-23 22:39 - 2014-03-23 22:39 - 00000000 ____D () C:\Windows\ERUNT
2014-03-23 22:10 - 2014-03-23 22:13 - 00000000 ____D () C:\AdwCleaner
2014-03-23 22:10 - 2014-03-23 22:10 - 01950720 _____ () C:\Users\Julia Dahm\Desktop\adwcleaner.exe
2014-03-23 18:58 - 2014-03-23 18:58 - 00000000 ____D () C:\Users\Julia Dahm\AppData\Local\DoNotTrackPlus
2014-03-23 18:55 - 2014-03-23 18:55 - 00001279 _____ () C:\Users\Julia Dahm\Desktop\Revo Uninstaller.lnk
2014-03-23 18:55 - 2014-03-23 18:55 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-03-23 16:32 - 2014-03-23 16:34 - 00045520 _____ () C:\Users\Julia Dahm\Desktop\Addition.txt
2014-03-23 16:30 - 2014-03-25 21:35 - 00016730 _____ () C:\Users\Julia Dahm\Desktop\FRST.txt
2014-03-23 16:30 - 2014-03-25 21:35 - 00000000 ____D () C:\FRST
2014-03-23 16:29 - 2014-03-23 16:29 - 02157056 _____ (Farbar) C:\Users\Julia Dahm\Desktop\FRST64.exe
2014-03-18 18:02 - 2014-03-18 18:02 - 00001124 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-03-18 18:02 - 2014-03-18 18:02 - 00000000 ____D () C:\Users\Julia Dahm\AppData\Roaming\Malwarebytes
2014-03-18 18:02 - 2014-03-18 18:02 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-03-18 18:02 - 2014-03-18 18:02 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-03-18 18:02 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-03-18 17:47 - 2014-03-18 17:47 - 00118784 _____ () C:\Windows\system32\AutiFWWizFwk.exe
2014-03-18 17:47 - 2014-03-18 17:47 - 00012800 _____ () C:\ProgramData\dlprotect.exe
2014-03-18 17:47 - 2014-03-18 17:47 - 00000000 ____D () C:\Users\Julia Dahm\AppData\Roaming\SUPERAntiSpyware.com
2014-03-12 21:42 - 2014-03-12 21:42 - 05777288 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2014-03-12 16:46 - 2014-03-01 07:05 - 23133696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-03-12 16:46 - 2014-03-01 06:17 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-03-12 16:46 - 2014-03-01 06:16 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-03-12 16:46 - 2014-03-01 05:58 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-03-12 16:46 - 2014-03-01 05:52 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-03-12 16:46 - 2014-03-01 05:51 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-03-12 16:46 - 2014-03-01 05:42 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-03-12 16:46 - 2014-03-01 05:40 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-03-12 16:46 - 2014-03-01 05:37 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-03-12 16:46 - 2014-03-01 05:33 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-03-12 16:46 - 2014-03-01 05:33 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-03-12 16:46 - 2014-03-01 05:32 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-03-12 16:46 - 2014-03-01 05:30 - 17074688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-03-12 16:46 - 2014-03-01 05:23 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-03-12 16:46 - 2014-03-01 05:17 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-03-12 16:46 - 2014-03-01 05:11 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-03-12 16:46 - 2014-03-01 05:02 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-03-12 16:46 - 2014-03-01 04:54 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-03-12 16:46 - 2014-03-01 04:52 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-03-12 16:46 - 2014-03-01 04:51 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-03-12 16:46 - 2014-03-01 04:47 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-03-12 16:46 - 2014-03-01 04:43 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-03-12 16:46 - 2014-03-01 04:43 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-03-12 16:46 - 2014-03-01 04:42 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-03-12 16:46 - 2014-03-01 04:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-03-12 16:46 - 2014-03-01 04:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-03-12 16:46 - 2014-03-01 04:37 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-03-12 16:46 - 2014-03-01 04:35 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-03-12 16:46 - 2014-03-01 04:18 - 13051904 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-03-12 16:46 - 2014-03-01 04:16 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-03-12 16:46 - 2014-03-01 04:14 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-03-12 16:46 - 2014-03-01 04:10 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-03-12 16:46 - 2014-03-01 04:03 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-03-12 16:46 - 2014-03-01 04:00 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-03-12 16:46 - 2014-03-01 03:57 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-03-12 16:46 - 2014-03-01 03:38 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-03-12 16:46 - 2014-03-01 03:32 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-03-12 16:46 - 2014-03-01 03:27 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-03-12 16:46 - 2014-03-01 03:25 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-03-12 16:46 - 2014-03-01 03:25 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-03-12 16:46 - 2014-02-07 02:23 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-03-12 16:46 - 2014-01-29 03:32 - 00484864 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2014-03-12 16:46 - 2014-01-29 03:06 - 00381440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll
2014-03-12 16:46 - 2014-01-28 03:32 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll
2014-03-12 16:43 - 2014-02-04 03:32 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-03-12 16:43 - 2014-02-04 03:32 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-03-12 16:43 - 2014-02-04 03:04 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-03-12 16:43 - 2014-02-04 03:04 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-02-26 14:55 - 2014-02-26 14:55 - 00913360 _____ () C:\Windows\Minidump\022614-19375-01.dmp

==================== One Month Modified Files and Folders =======

2014-03-25 21:35 - 2014-03-23 16:30 - 00016730 _____ () C:\Users\Julia Dahm\Desktop\FRST.txt
2014-03-25 21:35 - 2014-03-23 16:30 - 00000000 ____D () C:\FRST
2014-03-25 21:31 - 2014-03-25 21:31 - 00987442 _____ () C:\Users\Julia Dahm\Desktop\SecurityCheck.exe
2014-03-25 21:03 - 2012-11-11 19:14 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-03-25 20:36 - 2011-11-07 12:45 - 01763890 _____ () C:\Windows\WindowsUpdate.log
2014-03-25 19:23 - 2014-02-14 17:40 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-03-25 19:21 - 2014-03-25 19:21 - 02347384 _____ (ESET) C:\Users\Julia Dahm\Desktop\esetsmartinstaller_enu.exe
2014-03-25 19:12 - 2012-01-13 13:37 - 00003516 _____ () C:\Windows\System32\Tasks\SystemToolsDailyTest
2014-03-25 19:12 - 2012-01-13 13:37 - 00003448 _____ () C:\Windows\System32\Tasks\PCDEventLauncher
2014-03-25 19:12 - 2012-01-13 13:37 - 00000466 _____ () C:\Windows\Tasks\SystemToolsDailyTest.job
2014-03-25 19:11 - 2012-01-22 15:50 - 00000281 _____ () C:\Windows\Brownie.ini
2014-03-23 23:09 - 2009-07-14 05:45 - 00024400 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-03-23 23:09 - 2009-07-14 05:45 - 00024400 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-03-23 23:04 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-03-23 23:03 - 2009-07-14 06:08 - 00032616 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-03-23 23:02 - 2013-07-16 15:55 - 00000000 ____D () C:\Users\Julia Dahm\.rainlendar2
2014-03-23 23:00 - 2009-07-14 05:51 - 00070658 _____ () C:\Windows\setupact.log
2014-03-23 22:48 - 2014-03-23 22:48 - 00004983 _____ () C:\Users\Julia Dahm\Desktop\JRT.txt
2014-03-23 22:39 - 2014-03-23 22:39 - 01037734 _____ (Thisisu) C:\Users\Julia Dahm\Desktop\JRT.exe
2014-03-23 22:39 - 2014-03-23 22:39 - 00000000 ____D () C:\Windows\ERUNT
2014-03-23 22:13 - 2014-03-23 22:10 - 00000000 ____D () C:\AdwCleaner
2014-03-23 22:13 - 2010-07-02 15:30 - 00000000 ____D () C:\Users\Julia Dahm\AppData\Roaming\CheckPoint
2014-03-23 22:10 - 2014-03-23 22:10 - 01950720 _____ () C:\Users\Julia Dahm\Desktop\adwcleaner.exe
2014-03-23 22:03 - 2010-11-21 04:47 - 00944418 _____ () C:\Windows\PFRO.log
2014-03-23 19:14 - 2012-01-13 13:37 - 00000528 _____ () C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job
2014-03-23 18:58 - 2014-03-23 18:58 - 00000000 ____D () C:\Users\Julia Dahm\AppData\Local\DoNotTrackPlus
2014-03-23 18:55 - 2014-03-23 18:55 - 00001279 _____ () C:\Users\Julia Dahm\Desktop\Revo Uninstaller.lnk
2014-03-23 18:55 - 2014-03-23 18:55 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-03-23 18:47 - 2011-11-07 21:26 - 00700118 _____ () C:\Windows\system32\perfh007.dat
2014-03-23 18:47 - 2011-11-07 21:26 - 00149968 _____ () C:\Windows\system32\perfc007.dat
2014-03-23 18:47 - 2009-07-14 06:13 - 01622228 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-03-23 16:34 - 2014-03-23 16:32 - 00045520 _____ () C:\Users\Julia Dahm\Desktop\Addition.txt
2014-03-23 16:29 - 2014-03-23 16:29 - 02157056 _____ (Farbar) C:\Users\Julia Dahm\Desktop\FRST64.exe
2014-03-23 16:15 - 2012-01-13 13:37 - 00004256 _____ () C:\Windows\System32\Tasks\PCDoctorBackgroundMonitorTask
2014-03-19 03:05 - 2013-07-19 10:57 - 00000000 ____D () C:\Windows\system32\MRT
2014-03-19 03:01 - 2012-01-13 15:30 - 90015360 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-03-18 18:02 - 2014-03-18 18:02 - 00001124 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-03-18 18:02 - 2014-03-18 18:02 - 00000000 ____D () C:\Users\Julia Dahm\AppData\Roaming\Malwarebytes
2014-03-18 18:02 - 2014-03-18 18:02 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-03-18 18:02 - 2014-03-18 18:02 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-03-18 17:47 - 2014-03-18 17:47 - 00118784 _____ () C:\Windows\system32\AutiFWWizFwk.exe
2014-03-18 17:47 - 2014-03-18 17:47 - 00012800 _____ () C:\ProgramData\dlprotect.exe
2014-03-18 17:47 - 2014-03-18 17:47 - 00000000 ____D () C:\Users\Julia Dahm\AppData\Roaming\SUPERAntiSpyware.com
2014-03-17 16:28 - 2009-07-14 05:45 - 02427096 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-03-17 16:26 - 2012-05-15 02:01 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-03-17 16:26 - 2012-05-15 02:01 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-03-17 12:20 - 2012-02-25 13:29 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-03-14 19:54 - 2011-11-07 12:50 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-03-14 19:52 - 2012-02-12 17:46 - 00000000 ____D () C:\Users\Julia Dahm\AppData\Local\CrashDumps
2014-03-12 21:42 - 2014-03-12 21:42 - 05777288 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2014-03-12 21:42 - 2012-11-11 19:14 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-03-12 21:42 - 2012-04-03 20:54 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-03-12 21:42 - 2012-04-03 20:54 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-03-12 16:30 - 2011-03-01 18:57 - 00000000 ____D () C:\Users\Julia Dahm\AppData\Roaming\vlc
2014-03-06 03:01 - 2013-02-17 09:48 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-03-06 03:01 - 2012-01-14 13:40 - 00000000 ____D () C:\ProgramData\Skype
2014-03-05 15:21 - 2011-11-07 12:56 - 01596508 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-03-01 07:05 - 2014-03-12 16:46 - 23133696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-03-01 06:17 - 2014-03-12 16:46 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-03-01 06:16 - 2014-03-12 16:46 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-03-01 05:58 - 2014-03-12 16:46 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-03-01 05:52 - 2014-03-12 16:46 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-03-01 05:51 - 2014-03-12 16:46 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-03-01 05:42 - 2014-03-12 16:46 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-03-01 05:40 - 2014-03-12 16:46 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-03-01 05:37 - 2014-03-12 16:46 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-03-01 05:33 - 2014-03-12 16:46 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-03-01 05:33 - 2014-03-12 16:46 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-03-01 05:32 - 2014-03-12 16:46 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-03-01 05:30 - 2014-03-12 16:46 - 17074688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-03-01 05:23 - 2014-03-12 16:46 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-03-01 05:17 - 2014-03-12 16:46 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-03-01 05:11 - 2014-03-12 16:46 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-03-01 05:02 - 2014-03-12 16:46 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-03-01 04:54 - 2014-03-12 16:46 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-03-01 04:52 - 2014-03-12 16:46 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-03-01 04:51 - 2014-03-12 16:46 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-03-01 04:47 - 2014-03-12 16:46 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-03-01 04:43 - 2014-03-12 16:46 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-03-01 04:43 - 2014-03-12 16:46 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-03-01 04:42 - 2014-03-12 16:46 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-03-01 04:40 - 2014-03-12 16:46 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-03-01 04:38 - 2014-03-12 16:46 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-03-01 04:37 - 2014-03-12 16:46 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-03-01 04:35 - 2014-03-12 16:46 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-03-01 04:18 - 2014-03-12 16:46 - 13051904 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-03-01 04:16 - 2014-03-12 16:46 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-03-01 04:14 - 2014-03-12 16:46 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-03-01 04:10 - 2014-03-12 16:46 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-03-01 04:03 - 2014-03-12 16:46 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-03-01 04:00 - 2014-03-12 16:46 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-03-01 03:57 - 2014-03-12 16:46 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-03-01 03:38 - 2014-03-12 16:46 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-03-01 03:32 - 2014-03-12 16:46 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-03-01 03:27 - 2014-03-12 16:46 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-03-01 03:25 - 2014-03-12 16:46 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-03-01 03:25 - 2014-03-12 16:46 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-02-26 14:55 - 2014-02-26 14:55 - 00913360 _____ () C:\Windows\Minidump\022614-19375-01.dmp
2014-02-26 14:55 - 2012-08-31 16:27 - 551312836 _____ () C:\Windows\MEMORY.DMP
2014-02-26 14:55 - 2012-08-31 16:27 - 00000000 ____D () C:\Windows\Minidump

Files to move or delete:
====================
C:\ProgramData\dlprotect.exe
C:\Users\Julia Dahm\ntuser (1).dat


Some content of TEMP:
====================
C:\Users\Julia Dahm\AppData\Local\Temp\AskSLib.dll
C:\Users\Julia Dahm\AppData\Local\Temp\avgnt.exe
C:\Users\Julia Dahm\AppData\Local\Temp\conduitinstaller.exe
C:\Users\Julia Dahm\AppData\Local\Temp\contentDATs.exe
C:\Users\Julia Dahm\AppData\Local\Temp\ffunzip.exe
C:\Users\Julia Dahm\AppData\Local\Temp\finvap.exe
C:\Users\Julia Dahm\AppData\Local\Temp\firefoxjre_exe-1.exe
C:\Users\Julia Dahm\AppData\Local\Temp\firefoxjre_exe.exe
C:\Users\Julia Dahm\AppData\Local\Temp\FP_PL_PFS_INSTALLER_32bit-1.exe
C:\Users\Julia Dahm\AppData\Local\Temp\FP_PL_PFS_INSTALLER_32bit.exe
C:\Users\Julia Dahm\AppData\Local\Temp\jre-6u15-windows-i586-iftw.exe
C:\Users\Julia Dahm\AppData\Local\Temp\jre-6u23-windows-i586-iftw-rv.exe
C:\Users\Julia Dahm\AppData\Local\Temp\jre-6u24-windows-i586-iftw-rv.exe
C:\Users\Julia Dahm\AppData\Local\Temp\jre-6u30-windows-i586-iftw-rv.exe
C:\Users\Julia Dahm\AppData\Local\Temp\jre-7u11-windows-i586-iftw.exe
C:\Users\Julia Dahm\AppData\Local\Temp\jre-7u13-windows-i586-iftw.exe
C:\Users\Julia Dahm\AppData\Local\Temp\jre-7u21-windows-i586-iftw.exe
C:\Users\Julia Dahm\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
C:\Users\Julia Dahm\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe
C:\Users\Julia Dahm\AppData\Local\Temp\jre-7u7-windows-i586-iftw.exe
C:\Users\Julia Dahm\AppData\Local\Temp\jre-7u9-windows-i586-iftw.exe
C:\Users\Julia Dahm\AppData\Local\Temp\Quarantine.exe
C:\Users\Julia Dahm\AppData\Local\Temp\SecurityScan_Release.exe
C:\Users\Julia Dahm\AppData\Local\Temp\SkypeSetup (1).exe
C:\Users\Julia Dahm\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Julia Dahm\AppData\Local\Temp\vlc-2.0.5-win32.exe
C:\Users\Julia Dahm\AppData\Local\Temp\vlc-2.0.6-win32.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-03-10 17:03

==================== End Of Log ============================
--- --- ---

--- --- ---

--- --- ---

Hey, super! Das scheint geklappt zu haben! Vielen vielen Dank!

schrauber 26.03.2014 12:14
Java und Adobe updaten.

Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:
C:\ProgramData\dlprotect.exe
C:\Users\Julia Dahm\ntuser (1).dat
U2 wuaserv;
ProxyServer: 192.168.0.1:80

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
  • Starte nun FRST erneut und klicke den Entfernen Button.
  • Das Tool erstellt eine Fixlog.txt.
  • Poste mir deren Inhalt.





Fertig :)

Die Reihenfolge ist hier entscheidend.
  1. Falls Defogger benutzt wurde: Defogger nochmal starten und auf re-enable klicken.
  2. Falls Combofix benutzt wurde: (Alternativ in uninstall.exe umbenennen und starten)
    • Windowstaste + R > Combofix /Uninstall (eingeben) > OK
    • Alternative: Combofix.exe in uninstall.exe umbenennen und starten
    • Combofix wird jetzt starten, sich evtl updaten und dann alle Reste von sich selbst entfernen.
  3. Downloade Dir bitte auf jeden Fall DelFix Download DelFix auf deinen Desktop:
    • Schließe alle offenen Programme.
    • Starte die delfix.exe mit einem Doppelklick.
    • Setze vor jede Funktion ein Häkchen.
    • Klicke auf Start.
    • Hinweis: DelFix entfernt u. a. alle verwendeten Programme, die Quarantäne unserer Scanner, den Java-Cache und löscht sich abschließend selbst.
    • Starte deinen Rechner abschließend neu.
  4. Sollten jetzt noch Programme aus unserer Bereinigung übrig sein kannst du sie bedenkenlos löschen.



Falls Du Lob oder Kritik abgeben möchtest kannst Du das hier tun :)

Hier noch ein paar Tipps zur Absicherung deines Systems.


Ich kann garnicht zu oft erwähnen, wie wichtig es ist, dass dein System Up to Date ist.
  • Bitte überprüfe ob dein System Windows Updates automatisch herunter lädt
  • Windows Updates
    • Windows XP: Start --> Systemsteuerung --> Doppelklick auf Automatische Updates
    • Windows Vista / 7: Start --> Systemsteuerung --> System und Sicherheit --> Automatische Updates aktivieren oder deaktivieren
  • Gehe sicher das die automatischen Updates aktiviert sind.
  • Software Updates
    Installierte Software kann ebenfalls Sicherheitslücken haben, welche Malware nutzen kann, um dein System zu infizieren.
    Um deine Installierte Software up to date zu halten, empfehle ich dir Secunia Online Software.


Anti- Viren Software
  • Gehe sicher immer eine Anti Viren Software installiert zu haben und das diese auch up to date ist. Es ist nämlich nutzlos wenn diese out of date sind.


Zusätzlicher Schutz
  • MalwareBytes Anti Malware
    Dies ist eines der besten Anti-Malware Tools auf dem Markt. Es ist ein On- Demond Scan Tool welches viele aktuelle Malware erkennt und auch entfernt.
    Update das Tool und lass es einmal in der Woche laufen. Die Kaufversion biete zudem noch einen Hintergrundwächter.
    Ein Tutorial zur Verwendung findest Du hier.
  • WinPatrol
    Diese Software macht einen Snapshot deines Systems und warnt dich vor eventuellen Änderungen. Downloade dir die Freeware Version von hier.


Sicheres Browsen
  • SpywareBlaster
    Eine kurze Einführung findest du Hier
  • MVPs hosts file
    Ein Tutorial findest Du hier. Leider habe ich bis jetzt kein deutschsprachiges gefunden.
  • WOT (Web of trust)
    Dieses AddOn warnt Dich bevor Du eine als schädlich gemeldete Seite besuchst.


Alternative Browser

Andere Browser tendieren zu etwas mehr Sicherheit als der IE, da diese keine Active X Elemente verwenden. Diese können von Spyware zur Infektion deines Systems missbraucht werden.
  • Opera
  • Mozilla Firefox.
    • Hinweis: Für diesen Browser habe ich hier ein paar nützliche Add Ons
    • NoScript
      Dieses AddOn blockt JavaScript, Java and Flash und andere Plugins. Sie werden nur dann ausgeführt wenn Du es bestätigst.
    • AdblockPlus
      Dieses AddOn blockt die meisten Werbung von selbst. Ein Rechtsklick auf den Banner um diesen zu AdBlockPlus hinzu zu fügen reicht und dieser wird nicht mehr geladen.
      Es spart ausserdem Downloadkapazität.

Performance
Bereinige regelmäßig deine Temp Files. Ich empfehle hierzu TFC
Halte dich fern von jedlichen Registry Cleanern.
Diese Schaden deinem System mehr als sie helfen. Hier ein paar ( englishe ) Links
Miekemoes Blogspot ( MVP )
Bill Castner ( MVP )



Don'ts
  • Klicke nicht auf alles nur weil es Dich dazu auffordert und schön bunt ist.
  • verwende keine peer to peer oder Filesharing Software (Emule, uTorrent,..)
  • Lass die Finger von Cracks, Keygens, Serials oder anderer illegaler Software.
  • Öffne keine Anhänge von Dir nicht bekannten Emails. Achte vor allem auf die Dateiendung wie zb deinFoto.jpg.exe
Nun bleibt mir nur noch dir viel Spass beim sicheren Surfen zu wünschen.

Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so das ich diesen Thread aus meinen Abos löschen kann.


Alle Zeitangaben in WEZ +1. Es ist jetzt 03:41 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131