Trojaner-Board - Keine Downloads Internet möglich, Office 2013 funktioniert nicht

Hallo schrauber, hier nun die Ergebnisse vom Scan. Über das was Du hieraus ersehen kannst bin ich mal gespannt. Gruß Armin
FRST Logfile:

Code:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 06-05-2014

Ran by Natasa und Armin (administrator)  on 07-05-2014 19:44:42

Running from C:\Users\Natasa und Armin\Desktop

Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard

Internet Explorer Version 11

Boot Mode: Normal
 

The only official download link for FRST:

Download link for 32-Bit version: Downloading Farbar Recovery Scan Tool 

Download link for 64-Bit Version: Downloading Farbar Recovery Scan Tool 

Download link from any site other than Bleeping Computer is unpermitted or outdated.

See tutorial for FRST: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials
 

==================== Processes (Whitelisted) =================
 

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe

(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Easy Display Manager\dmhkcore.exe

(SEC) C:\Program Files (x86)\Samsung\Samsung Recovery Solution 4\WCScheduler.exe

(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\EasySpeedUpManager\EasySpeedUpManager.exe

(SAMSUNG Electronics) C:\Program Files (x86)\Samsung\Samsung Support Center\SSCKbdHk.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe

(APN LLC.) C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe

(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

(Intel Corporation) C:\Windows\System32\igfxtray.exe

(Intel Corporation) C:\Windows\System32\hkcmd.exe

(Intel Corporation) C:\Windows\System32\igfxpers.exe

(Samsung) C:\Program Files (x86)\Samsung\Kies\Kies.exe

(Avanquest Software) C:\Program Files (x86)\Smart PC Cleaner\SPCReminder.exe

(Spigot, Inc.) C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe

(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe

(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe

(SweetIM Technologies Ltd.) C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe

(FileOpen Systems Inc.) C:\ProgramData\FileOpen\Services\FileOpenManagerSvc64.exe

() C:\ProgramData\IBUpdaterService\ibsvc.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe

(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

(APN) C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe

(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe

(Spigot, Inc.) C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe

(Spigot Inc) C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings64.exe

(Microsoft Corporation) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe

() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\ipmgui.exe

(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe

(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe

(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE

(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe

(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Microsoft Corporation) C:\Windows\splwow64.exe

(EXP Systems LLC) C:\Program Files (x86)\PDF reDirect\Capture.exe

(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe

(FileOpen Systems Inc.) C:\ProgramData\FileOpen\Services\FileOpenBroker64.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
 
 

==================== Registry (Whitelisted) ==================
 

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [9644576 2009-12-15] (Realtek Semiconductor)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2074408 2010-02-26] (Synaptics Incorporated)

HKLM-x32\...\Run: [UpdateLBPShortCut] => C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.)

HKLM-x32\...\Run: [CLMLServer] => C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe [103720 2009-06-03] (CyberLink)

HKLM-x32\...\Run: [UpdateP2GoShortCut] => C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.)

HKLM-x32\...\Run: [UpdatePDRShortCut] => C:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe [222504 2008-01-04] (CyberLink Corp.)

HKLM-x32\...\Run: [RemoteControl8] => C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe [91432 2009-04-15] (CyberLink Corp.)

HKLM-x32\...\Run: [PDVD8LanguageShortcut] => C:\Program Files (x86)\CyberLink\PowerDVD8\Language\Language.exe [50472 2009-04-15] (CyberLink Corp.)

HKLM-x32\...\Run: [UpdatePPShortCut] => C:\Program Files (x86)\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe [218408 2008-12-03] (CyberLink Corp.)

HKLM-x32\...\Run: [UpdatePSTShortCut] => C:\Program Files (x86)\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe [210216 2009-07-21] (CyberLink Corp.)

HKLM-x32\...\Run: [UCam_Menu] => C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.)

HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [35696 2009-10-03] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [935288 2009-09-04] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [SweetIM] => C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe [114992 2011-12-05] (SweetIM Technologies Ltd.)

HKLM-x32\...\Run: [facemoods] => C:\Program Files (x86)\facemoods.com\facemoods\1.4.17.11\facemoodssrv.exe [362200 2011-09-05] (facemoods.com)

HKLM-x32\...\Run: [DATAMNGR] => C:\PROGRA~2\IMESHA~1\MediaBar\Datamngr\DATAMN~1.EXE

HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-12] (Apple Inc.)

HKLM-x32\...\Run: [Starter] => C:\Program Files (x86)\Driver-Soft\DriverGenius\StarterW3i.exe [79728 2012-02-14] (Driver-Soft Inc.)

HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [689744 2014-02-20] (Avira Operations GmbH & Co. KG)

HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)

HKLM-x32\...\Run: [ApnTBMon] => C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe [1801168 2014-04-11] (APN)

HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-02-21] (Apple Inc.)

HKLM-x32\...\Run: [KiesTrayAgent] => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [311616 2014-02-14] (Samsung Electronics Co., Ltd.)

HKLM-x32\...\Run: [] => [X]

HKLM-x32\...\Run: [SearchSettings] => C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe [1401664 2014-04-25] (Spigot, Inc.)

Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)

HKU\S-1-5-21-868785299-726797094-2297327714-1000\...\Run: [msnmsgr] => C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe [3883840 2009-07-26] (Microsoft Corporation)

HKU\S-1-5-21-868785299-726797094-2297327714-1000\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2010-06-14] (Google Inc.)

HKU\S-1-5-21-868785299-726797094-2297327714-1000\...\Run: [Smart PC Cleaner] => C:\Program Files (x86)\Smart PC Cleaner\SPCLauncher.exe [80016 2012-01-28] (Avanquest Software)

HKU\S-1-5-21-868785299-726797094-2297327714-1000\...\Run: [KiesPreload] => C:\Program Files (x86)\Samsung\Kies\Kies.exe [1564992 2014-02-14] (Samsung)

HKU\S-1-5-21-868785299-726797094-2297327714-1000\...\Run: [KiesAirMessage] => C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup

AppInit_DLLs: C:\PROGRA~2\IMESHA~1\MediaBar\Datamngr\x64\datamngr.dll => C:\Program Files (x86)\iMesh Applications\MediaBar\Datamngr\x64\datamngr.dll [1778568 2011-12-08] (iMesh, Inc)

AppInit_DLLs:  C:\PROGRA~2\IMESHA~1\MediaBar\Datamngr\x64\IEBHO.dll => C:\Program Files (x86)\iMesh Applications\MediaBar\Datamngr\x64\IEBHO.dll [1791368 2011-12-08] (iMesh, Inc)
 

==================== Internet (Whitelisted) ====================
 

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Search

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Google

HKCU\Software\Microsoft\Internet Explorer\Main,bProtector Start Page = Babylon Search

URLSearchHook: HKLM-x32 - (No Name) - {9427041a-a8dc-4d06-9a68-93873486e957} - No File

URLSearchHook: HKCU - pdfforge Toolbar - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files (x86)\pdfforge Toolbar\IE\9.1\pdfforgeToolbarIE64.dll (Spigot, Inc.)

URLSearchHook: HKCU - (No Name) - {00000000-6E41-4FD3-8538-502F5495E5FC} - No File

URLSearchHook: HKCU - (No Name) - {9427041a-a8dc-4d06-9a68-93873486e957} - No File

SearchScopes: HKLM - DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = hxxp://dts.search-results.com/sr?src=ieb&appid=101&systemid=406&sr=0&q={searchTerms}

SearchScopes: HKLM - {9BB47C17-9C68-4BB3-B188-DD9AF0FD21} URL = hxxp://dts.search-results.com/sr?src=ieb&appid=1083&systemid=1&sr=0&q={searchTerms}

SearchScopes: HKLM - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = hxxp://dts.search-results.com/sr?src=ieb&appid=101&systemid=406&sr=0&q={searchTerms}

SearchScopes: HKLM-x32 - DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = hxxp://dts.search-results.com/sr?src=ieb&appid=101&systemid=406&sr=0&q={searchTerms}

SearchScopes: HKLM-x32 - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://startsear.ch/?aff=1&q={searchTerms}

SearchScopes: HKLM-x32 - {777A245C-D638-4D06-98C2-D124300EBEFC} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SMSN

SearchScopes: HKLM-x32 - {9BB47C17-9C68-4BB3-B188-DD9AF0FD21} URL = hxxp://dts.search-results.com/sr?src=ieb&appid=1083&systemid=1&sr=0&q={searchTerms}

SearchScopes: HKLM-x32 - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = hxxp://dts.search-results.com/sr?src=ieb&appid=101&systemid=406&sr=0&q={searchTerms}

SearchScopes: HKLM-x32 - {EEE6C360-6118-11DC-9C72-001320C79847} URL = hxxp://search.sweetim.com/search.asp?src=6&q={searchTerms}&barid={A2D18409-838B-4483-90BB-E2110843E7A4}

SearchScopes: HKCU - DefaultScope {0EF84A43-2013-493D-BBBF-9276B06E1C8C} URL = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=827316&p={searchTerms}

SearchScopes: HKCU - bProtectorDefaultScope {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}

SearchScopes: HKCU - {0D7562AE-8EF6-416d-A838-AB665251703A} URL = hxxp://start.facemoods.com/?a=ironto&s={searchTerms}&f=4

SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://isearch.babylon.com/?q={searchTerms}&affID=119656&babsrc=SP_ss_gr&mntrId=12a577f50000000000001ef46a9cc692

SearchScopes: HKCU - {0EF84A43-2013-493D-BBBF-9276B06E1C8C} URL = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=827316&p={searchTerms}

SearchScopes: HKCU - {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} URL = hxxp://www.search.ask.com/web?tpid=ORJ&o=100000027&pf=V7&p2=%5EU3%5EOSJ000%5EYY%5EDE&gct=&itbv=12.10.3.24&apn_uid=96F3442D-8BCD-4044-BF3B-B093EFA6DA7C&apn_ptnrs=%5EU3&apn_dtid=%5EOSJ000%5EYY%5EDE&apn_dbr=ie_9.0.8112.16421&doi=2014-02-07&trgb=IE&q={searchTerms}&psv=

SearchScopes: HKCU - {2AC7BFEC-F8CD-44A3-ADC0-78CC5D23D02B} URL = hxxp://search.softonic.com/MON00016/tb_v1?q={searchTerms}&SearchSource=4&cc=

SearchScopes: HKCU - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SMSN_de___DE425

SearchScopes: HKCU - {777A245C-D638-4D06-98C2-D124300EBEFC} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SMSN_de___DE425

SearchScopes: HKCU - {9962BC7F-055B-4874-B15F-6FAFE1A6DC48} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3008668

SearchScopes: HKCU - {9BB47C17-9C68-4BB3-B188-DD9AF0FD21} URL = hxxp://dts.search-results.com/sr?src=ieb&appid=1083&systemid=1&sr=0&q={searchTerms}

SearchScopes: HKCU - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = hxxp://dts.search-results.com/sr?src=ieb&appid=101&systemid=406&sr=0&q={searchTerms}

SearchScopes: HKCU - {BFE4BC16-D4E3-4556-890A-E03DD7EB0E7C} URL = hxxp://de.search.yahoo.com/search?fr=mcafee&p={SearchTerms}

SearchScopes: HKCU - {C3777C87-018C-470A-BAA4-84AD3FCAA7E7} URL = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=827316&p={searchTerms}

SearchScopes: HKCU - {EB27DE47-EACD-4002-9C27-003649C0FC2C} URL = hxxp://de.search.yahoo.com/search?&q={searchTerms}&ei=utf-8&fr=w3is&type=W3i_IA,206,6484_00,Search,20110938,18175,0,0,6484

SearchScopes: HKCU - {EEE6C360-6118-11DC-9C72-001320C79847} URL = hxxp://search.sweetim.com/search.asp?src=6&q={searchTerms}&barid={A2D18409-838B-4483-90BB-E2110843E7A4}

BHO: Speed Test 127 - {11C8C9C0-D918-44C0-8B5E-D297DA42F2C7} - C:\Program Files (x86)\Speed Test 127\ScriptHost64.dll (BestOffers)

BHO: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll No File

BHO: Windows Live Family Safety Browser Helper Class - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll (Microsoft Corporation)

BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL No File

BHO: DataMngr - {BE7A24F5-69CB-4708-B77B-B1EDA6043B95} - C:\Program Files (x86)\iMesh Applications\MediaBar\Datamngr\x64\BrowserConnection.dll (iMesh, Inc)

BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL No File

BHO: Ask Shopping Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\ORJ\Passport_x64.dll (APN LLC.)

BHO-x32: No Name - {11C8C9C0-D918-44C0-8B5E-D297DA42F2C7} -  No File

BHO-x32: No Name - {1631550F-191D-4826-B069-D9439253D926} -  No File

BHO-x32: No Name - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -  No File

BHO-x32: No Name - {28387537-e3f9-4ed7-860c-11e69af4a8a0} -  No File

BHO-x32: No Name - {2EECD738-5844-4a99-B4B6-146BF802613B} -  No File

BHO-x32: No Name - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -  No File

BHO-x32: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} -  No File

BHO-x32: No Name - {64182481-4F71-486b-A045-B233BD0DA8FC} -  No File

BHO-x32: No Name - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -  No File

BHO-x32: No Name - {78F3A323-798E-4AEA-9A57-88F4B05FD5DD} -  No File

BHO-x32: DefaultTab Browser Helper - {7F6AFBF1-E065-4627-A2FD-810366367D01} - C:\Windows\SysWow64\config\systemprofile\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabBHO.dll (Search Results LLC.)

BHO-x32: No Name - {9030D464-4C02-4ABF-8ECC-5164760863C6} -  No File

BHO-x32: No Name - {9427041a-a8dc-4d06-9a68-93873486e957} -  No File

BHO-x32: No Name - {99079a25-328f-4bd4-be04-00955acaa0a7} -  No File

BHO-x32: No Name - {AA58ED58-01DD-4d91-8333-CF10577473F7} -  No File

BHO-x32: No Name - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -  No File

BHO-x32: No Name - {B4F3A835-0E21-4959-BA22-42B3008E02FF} -  No File

BHO-x32: No Name - {B922D405-6D13-4A2B-AE89-08A030DA4402} -  No File

BHO-x32: No Name - {BE7A24F5-69CB-4708-B77B-B1EDA6043B95} -  No File

BHO-x32: No Name - {C1AF5FA5-852C-4C90-812E-A7F75E011D87} -  No File

BHO-x32: No Name - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -  No File

BHO-x32: No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} -  No File

BHO-x32: No Name - {DBC80044-A445-435b-BC74-9C25C1C588A9} -  No File

BHO-x32: No Name - {E87806B5-E908-45FD-AF5E-957D83E58E68} -  No File

BHO-x32: No Name - {EEE6C35C-6118-11DC-9C72-001320C79847} -  No File

Toolbar: HKLM - Ask Shopping Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\ORJ\Passport_x64.dll (APN LLC.)

Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

Toolbar: HKLM - pdfforge Toolbar - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files (x86)\pdfforge Toolbar\IE\9.1\pdfforgeToolbarIE64.dll (Spigot, Inc.)

Toolbar: HKLM-x32 - No Name - {7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} -  No File

Toolbar: HKLM-x32 - No Name - {9427041a-a8dc-4d06-9a68-93873486e957} -  No File

Toolbar: HKLM-x32 - No Name - {EEE6C35B-6118-11DC-9C72-001320C79847} -  No File

Toolbar: HKLM-x32 - No Name - {98889811-442D-49dd-99D7-DC866BE87DBC} -  No File

Toolbar: HKLM-x32 - No Name - {DB4E9724-F518-4dfd-9C7C-78B52103CAB9} -  No File

Toolbar: HKLM-x32 - No Name - {28387537-e3f9-4ed7-860c-11e69af4a8a0} -  No File

Toolbar: HKLM-x32 - No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} -  No File

Toolbar: HKLM-x32 - No Name - {99079a25-328f-4bd4-be04-00955acaa0a7} -  No File

Toolbar: HKLM-x32 - No Name - {5018CFD2-804D-4C99-9F81-25EAEA2769DE} -  No File

Toolbar: HKLM-x32 - No Name - {82E1477C-B154-48D3-9891-33D83C26BCD3} -  No File

Toolbar: HKLM-x32 - No Name - {2318C2B1-4965-11d4-9B18-009027A5CD4F} -  No File

Toolbar: HKLM-x32 - No Name - {B922D405-6D13-4A2B-AE89-08A030DA4402} -  No File

Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

Toolbar: HKCU - Ask Shopping Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\ORJ\Passport_x64.dll (APN LLC.)

Toolbar: HKCU - No Name - {9427041A-A8DC-4D06-9A68-93873486E957} -  No File

Toolbar: HKCU - No Name - {EEE6C35B-6118-11DC-9C72-001320C79847} -  No File

DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} -  No File

Handler-x32: about - {3050F406-98B5-11CF-BB82-00AA00BDCE0B} -  No File

Handler-x32: cdl - {3dd53d40-7b8b-11D0-b013-00aa0059ce02} -  No File

Handler-x32: dvd - {12D51199-0DB5-46FE-A120-47A3D7D937CC} -  No File

Handler-x32: file - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} -  No File

Handler-x32: ftp - {79eac9e3-baf9-11ce-8c82-00aa004ba90b} -  No File

Handler-x32: http - {79eac9e2-baf9-11ce-8c82-00aa004ba90b} -  No File

Handler-x32: https - {79eac9e5-baf9-11ce-8c82-00aa004ba90b} -  No File

Handler-x32: its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} -  No File

Handler-x32: javascript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} -  No File

Handler-x32: local - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} -  No File

Handler-x32: mailto - {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} -  No File

Handler-x32: mhtml - {05300401-BCBC-11d0-85E3-00C04FD85AB4} -  No File

Handler-x32: mk - {79eac9e6-baf9-11ce-8c82-00aa004ba90b} -  No File

Handler-x32: ms-its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} -  No File

Handler-x32: res - {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} -  No File

Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} -  No File

Handler-x32: tv - {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} -  No File

Handler-x32: vbscript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} -  No File

Filter-x32: application/octet-stream - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} -  No File

Filter-x32: application/x-complus - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} -  No File

Filter-x32: application/x-msdownload - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} -  No File

Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
 

FireFox:

========

FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)

FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()

FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)

FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF Plugin-x32: @microsoft.com/Lync,version=15.0 - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll No File

FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)

FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL No File

FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8081.0709 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)

FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)

FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\fcmdSrch.xml

FF HKCU\...\Firefox\Extensions: [{8A9386B4-E958-4c4c-ADF4-8F26DB3E4829}] - C:\Program Files (x86)\PriceGong\2.5.4\FF

FF Extension: PriceGong - C:\Program Files (x86)\PriceGong\2.5.4\FF [2011-12-14]

FF HKCU\...\Firefox\Extensions: [{58bd07eb-0ee0-4df0-8121-dc9b693373df}] - C:\ProgramData\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\FirefoxExtension

FF HKCU\...\Firefox\Extensions: [SpecialSavings@SpecialSavings.com] - C:\Users\Natasa und Armin\AppData\Roaming\Mozilla\Extensions\SpecialSavings@SpecialSavings.com

FF Extension: SpecialSavings - C:\Users\Natasa und Armin\AppData\Roaming\Mozilla\Extensions\SpecialSavings@SpecialSavings.com [2013-03-05]
 

Chrome: 

=======

CHR HomePage: hxxp://isearch.babylon.com/?affID=119656&babsrc=HP_ss_gr&mntrId=12a577f50000000000001ef46a9cc692

CHR StartupUrls: "hxxp://isearch.babylon.com/?affID=119656&babsrc=HP_ss_gr&mntrId=12a577f50000000000001ef46a9cc692", "hxxp://www.delta-search.com/?affID=119656&babsrc=HP_ss&mntrId=12a577f50000000000001ef46a9cc692"

CHR Plugin: (Remoting Viewer) - internal-remoting-viewer

CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\ppGoogleNaClPluginChrome.dll ()

CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\pdf.dll ()

CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\gcswf32.dll No File

CHR Plugin: (vShare.tv plug-in) - C:\Users\Natasa und Armin\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpionmjnkbpcdpcflammlgllecmejgjj\1.3_0\chvsharetvplg.dll (vShare.tv )

CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)

CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)

CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File

CHR Plugin: (Java(TM) Platform SE 6 U31) - C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll No File

CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File

CHR Plugin: (Windows Live® Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()

CHR Extension: (Surf Canyon) - C:\Users\Natasa und Armin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bcjagnifjocnddgeknajocbkkhlgibem [2012-05-21]

CHR Extension: (SpecialSavings) - C:\Users\Natasa und Armin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfcpnihmbfoaeoakalclfalkdepgiaje [2013-03-06]

CHR Extension: (PriceGong) - C:\Users\Natasa und Armin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkomkajifikmkfnjgphkjcfeepbnojok [2012-02-11]

CHR Extension: (Allin1Convert) - C:\Users\Natasa und Armin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gcncagkkhfoombgbihckkccmkjemhohl [2014-04-23]

CHR Extension: (Foxtab Speed Dial (Release Candidate)) - C:\Users\Natasa und Armin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihflimipbcaljfnojhhknppphnnciiif [2012-02-11]

CHR Extension: (DefaultTab) - C:\Users\Natasa und Armin\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc [2012-05-21]

CHR Extension: (vshare plugin) - C:\Users\Natasa und Armin\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpionmjnkbpcdpcflammlgllecmejgjj [2012-02-11]

CHR Extension: (Google Wallet) - C:\Users\Natasa und Armin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-28]

CHR HKLM-x32\...\Chrome\Extension: [bcjagnifjocnddgeknajocbkkhlgibem] - C:\Program Files (x86)\Chrome\surfcanyon.crx [2012-03-30]

CHR HKLM-x32\...\Chrome\Extension: [bfcpnihmbfoaeoakalclfalkdepgiaje] - C:\Users\Natasa und Armin\AppData\Roaming\SpecialSavings\SpecialSavings.crx [2013-02-13]

CHR HKLM-x32\...\Chrome\Extension: [bkomkajifikmkfnjgphkjcfeepbnojok] - C:\Program Files (x86)\PriceGong\2.5.4\pricegong.crx [2011-11-08]

CHR HKLM-x32\...\Chrome\Extension: [eooncjejnppfjjklapaamhcdmjbilmde] - C:\Users\Natasa und Armin\AppData\Roaming\BabSolution\CR\Delta.crx [2011-11-08]

CHR HKLM-x32\...\Chrome\Extension: [ihflimipbcaljfnojhhknppphnnciiif] - C:\Program Files (x86)\facemoods.com\facemoods\1.4.17.11\facemoods.crx [2011-09-05]

CHR HKLM-x32\...\Chrome\Extension: [kdidombaedgpfiiedeimiebkmbilgmlc] - C:\Program Files (x86)\DefaultTab\DefaultTab.crx [2012-04-28]

CHR HKLM-x32\...\Chrome\Extension: [kpionmjnkbpcdpcflammlgllecmejgjj] - C:\Program Files (x86)\vShare.tv plugin\vshareplg.crx [2011-08-31]

CHR HKLM-x32\...\Chrome\Extension: [pgafcinpmmpklohkojmllohdhomoefph] - C:\ProgramData\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.crx [2011-08-31]
 

==================== Services (Whitelisted) =================
 

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440400 2014-02-20] (Avira Operations GmbH & Co. KG)

R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440400 2014-02-20] (Avira Operations GmbH & Co. KG)

R2 APNMCP; C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe [166352 2014-04-11] (APN LLC.)

S2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2211000 2014-03-30] (Microsoft Corporation)

S2 DefaultTabSearch; C:\Program Files (x86)\DefaultTab\DefaultTabSearch.exe [574464 2013-12-20] ()

S2 DefaultTabUpdate; C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\defaulttab\defaulttab\dtupdate.exe [107520 2014-05-05] ()

R2 FileOpenManagerSvc; C:\ProgramData\FileOpen\Services\FileOpenManagerSvc64.exe [331648 2011-03-09] (FileOpen Systems Inc.)

R2 IBUpdaterService; C:\ProgramData\IBUpdaterService\ibsvc.exe [633208 2013-02-19] ()

R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [247152 2009-07-07] ()
 

==================== Drivers (Whitelisted) ====================
 

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2013-12-18] (Avira Operations GmbH & Co. KG)

R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131576 2013-12-18] (Avira Operations GmbH & Co. KG)

R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-11-29] (Avira Operations GmbH & Co. KG)

U5 GEARAspiWDM; C:\Windows\System32\Drivers\GEARAspiWDM.sys [33240 2012-08-21] (GEAR Software Inc.)

S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [27520 2007-05-14] (Research In Motion Limited)

S3 rtport; C:\Windows\SysWOW64\drivers\rtport.sys [15144 2010-11-03] (Windows (R) 2003 DDK 3790 provider)

R3 yukonw7; C:\Windows\System32\DRIVERS\yk62x64.sys [395264 2009-09-28] ()

S1 hfucpqnp; \??\C:\Windows\system32\drivers\hfucpqnp.sys [X]
 

==================== NetSvcs (Whitelisted) ===================
 
 

==================== One Month Created Files and Folders ========
 

2014-05-07 19:44 - 2014-05-07 19:45 - 00029780 _____ () C:\Users\Natasa und Armin\Desktop\FRST.txt

2014-05-07 19:44 - 2014-05-07 19:44 - 00000000 ____D () C:\FRST

2014-05-07 19:43 - 2014-05-06 18:55 - 01053184 _____ (Farbar) C:\Users\Natasa und Armin\Desktop\FRST.exe

2014-05-07 19:42 - 2014-05-07 19:42 - 00000645 _____ () C:\Users\Natasa und Armin\Desktop\FRST64 - Verknüpfung.lnk

2014-05-07 19:42 - 2014-05-06 18:53 - 02063872 _____ (Farbar) C:\Users\Natasa und Armin\Desktop\FRST64.exe

2014-05-04 09:25 - 2014-04-29 16:01 - 23547904 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll

2014-05-04 09:24 - 2014-04-29 15:40 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb

2014-05-04 09:24 - 2014-04-29 14:48 - 17384448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

2014-05-04 09:24 - 2014-04-29 14:34 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

2014-05-01 16:50 - 2014-05-01 16:50 - 00000000 ___SD () C:\Windows\system32\CompatTel

2014-04-30 22:14 - 2014-04-14 04:24 - 00465408 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll

2014-04-30 22:14 - 2014-04-14 04:19 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll

2014-04-30 21:59 - 2014-04-30 21:59 - 00000000 ____D () C:\Program Files (x86)\pdfforge Toolbar

2014-04-30 21:59 - 2014-04-30 21:59 - 00000000 ____D () C:\Program Files (x86)\Application Updater

2014-04-23 20:18 - 2014-04-25 06:08 - 00003662 _____ () C:\Windows\System32\Tasks\DTChk

2014-04-23 20:18 - 2014-04-23 20:18 - 00000000 ____D () C:\Users\Public\Util

2014-04-23 14:11 - 2014-04-23 14:11 - 00000000 ____D () C:\Users\Natasa und Armin\AppData\Roaming\Media Player Classic

2014-04-23 13:59 - 2014-04-23 13:59 - 00000000 ____D () C:\Users\Natasa und Armin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Jet

2014-04-23 13:57 - 2014-04-23 14:00 - 00000000 ____D () C:\Users\Natasa und Armin\AppData\Local\Performersoft

2014-04-23 13:55 - 2014-05-01 20:37 - 00000000 ____D () C:\Program Files (x86)\MyPC Backup

2014-04-23 13:55 - 2014-04-23 13:56 - 00000000 ____D () C:\Program Files (x86)\Speed Test 127

2014-04-23 13:55 - 2014-04-23 13:55 - 00001266 _____ () C:\Users\Natasa und Armin\Desktop\Speed Test.lnk

2014-04-23 13:54 - 2014-04-23 13:54 - 01309928 _____ () C:\Users\Natasa und Armin\Downloads\SoftangoDownloader_AndroidSdkRelease21.exe

2014-04-23 12:43 - 2014-04-23 12:43 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_WinUsb_01007.Wdf

2014-04-23 11:51 - 2014-04-23 11:51 - 00000000 ____D () C:\Users\Public\Documents\NativeFus_Log

2014-04-23 11:50 - 2014-04-23 13:51 - 00000000 ____D () C:\Users\Natasa und Armin\Documents\samsung

2014-04-23 11:50 - 2014-04-23 11:50 - 00000000 ____D () C:\Users\Natasa und Armin\AppData\Roaming\Samsung

2014-04-23 11:50 - 2014-04-23 11:50 - 00000000 ____D () C:\Users\Natasa und Armin\AppData\Local\Samsung

2014-04-23 11:49 - 2014-04-23 11:49 - 00002002 _____ () C:\Users\Public\Desktop\Samsung Kies (Lite).lnk

2014-04-23 11:49 - 2014-04-23 11:49 - 00001992 _____ () C:\Users\Public\Desktop\Samsung Kies.lnk

2014-04-23 11:48 - 2014-04-23 11:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MyFree Codec

2014-04-23 11:48 - 2014-04-23 11:48 - 00000000 ____D () C:\Program Files (x86)\MyFree Codec

2014-04-23 11:47 - 2014-01-23 18:23 - 04659712 _____ (Dmitry Streblechenko) C:\Windows\SysWOW64\Redemption.dll

2014-04-23 11:47 - 2014-01-23 18:23 - 00144664 _____ (MAPILab Ltd. & Add-in Express Ltd.) C:\Windows\SysWOW64\secman.dll

2014-04-23 11:44 - 2014-04-23 11:44 - 75397136 _____ (Samsung Electronics Co., Ltd.) C:\Users\Natasa und Armin\Desktop\KiesSetup.exe

2014-04-23 11:44 - 2014-04-23 11:44 - 00000000 ____D () C:\Users\Natasa und Armin\AppData\Local\Downloaded Installations

2014-04-23 09:44 - 2014-04-23 09:44 - 00000000 __SHD () C:\Users\Natasa und Armin\AppData\Local\EmieUserList

2014-04-23 09:44 - 2014-04-23 09:44 - 00000000 __SHD () C:\Users\Natasa und Armin\AppData\Local\EmieSiteList

2014-04-23 09:08 - 2014-03-06 10:57 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll

2014-04-23 09:08 - 2014-03-06 10:32 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll

2014-04-23 09:08 - 2014-03-06 10:02 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll

2014-04-23 09:08 - 2014-03-06 09:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll

2014-04-23 09:07 - 2014-03-06 11:31 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll

2014-04-23 09:07 - 2014-03-06 10:59 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll

2014-04-23 09:07 - 2014-03-06 10:57 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll

2014-04-23 09:07 - 2014-03-06 10:53 - 02767360 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll

2014-04-23 09:07 - 2014-03-06 10:40 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll

2014-04-23 09:07 - 2014-03-06 10:39 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll

2014-04-23 09:07 - 2014-03-06 10:29 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe

2014-04-23 09:07 - 2014-03-06 10:29 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe

2014-04-23 09:07 - 2014-03-06 10:28 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll

2014-04-23 09:07 - 2014-03-06 10:15 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe

2014-04-23 09:07 - 2014-03-06 10:11 - 05784064 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll

2014-04-23 09:07 - 2014-03-06 10:09 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll

2014-04-23 09:07 - 2014-03-06 10:03 - 00586240 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe

2014-04-23 09:07 - 2014-03-06 10:02 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll

2014-04-23 09:07 - 2014-03-06 10:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll

2014-04-23 09:07 - 2014-03-06 09:56 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll

2014-04-23 09:07 - 2014-03-06 09:48 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll

2014-04-23 09:07 - 2014-03-06 09:47 - 02178048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll

2014-04-23 09:07 - 2014-03-06 09:46 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll

2014-04-23 09:07 - 2014-03-06 09:46 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll

2014-04-23 09:07 - 2014-03-06 09:45 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll

2014-04-23 09:07 - 2014-03-06 09:42 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll

2014-04-23 09:07 - 2014-03-06 09:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe

2014-04-23 09:07 - 2014-03-06 09:36 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll

2014-04-23 09:07 - 2014-03-06 09:22 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll

2014-04-23 09:07 - 2014-03-06 09:21 - 00628736 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll

2014-04-23 09:07 - 2014-03-06 09:13 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll

2014-04-23 09:07 - 2014-03-06 09:11 - 02043904 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl

2014-04-23 09:07 - 2014-03-06 09:07 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll

2014-04-23 09:07 - 2014-03-06 09:01 - 00244224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll

2014-04-23 09:07 - 2014-03-06 08:53 - 13551104 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll

2014-04-23 09:07 - 2014-03-06 08:46 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll

2014-04-23 09:07 - 2014-03-06 08:40 - 01967104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl

2014-04-23 09:07 - 2014-03-06 08:36 - 11745792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll

2014-04-23 09:07 - 2014-03-06 08:22 - 02260480 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll

2014-04-23 09:07 - 2014-03-06 07:58 - 01400832 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll

2014-04-23 09:07 - 2014-03-06 07:50 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll

2014-04-23 09:07 - 2014-03-06 07:43 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll

2014-04-23 09:07 - 2014-03-06 07:41 - 01789440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll

2014-04-23 09:07 - 2014-03-06 07:36 - 01143808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

2014-04-19 21:33 - 2014-04-19 21:33 - 00000000 ____D () C:\Users\Natasa und Armin\AppData\Local\iLivid

2014-04-19 21:32 - 2014-04-19 21:32 - 01759480 _____ (Bandoo Media Inc) C:\Users\Natasa und Armin\Desktop\iLividSetup-r1228-n-bc.exe

2014-04-14 22:59 - 2014-04-14 22:59 - 00000000 ____D () C:\Users\Natasa und Armin\Documents\Hautkrebs

2014-04-09 19:13 - 2014-03-04 11:44 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll

2014-04-09 19:13 - 2014-03-04 11:44 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll

2014-04-09 19:13 - 2014-03-04 11:44 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll

2014-04-09 19:13 - 2014-03-04 11:44 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll

2014-04-09 19:13 - 2014-03-04 11:44 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll

2014-04-09 19:13 - 2014-03-04 11:17 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll

2014-04-09 19:13 - 2014-03-04 11:16 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll

2014-04-09 19:13 - 2014-03-04 11:16 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe

2014-04-09 19:13 - 2014-03-04 11:16 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll

2014-04-09 19:13 - 2014-03-04 10:09 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe

2014-04-09 19:13 - 2014-03-04 10:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe

2014-04-09 19:13 - 2014-02-04 04:35 - 00274880 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msiscsi.sys

2014-04-09 19:13 - 2014-02-04 04:35 - 00190912 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys

2014-04-09 19:13 - 2014-02-04 04:35 - 00027584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Diskdump.sys

2014-04-09 19:13 - 2014-02-04 04:28 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\iologmsg.dll

2014-04-09 19:13 - 2014-02-04 04:00 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iologmsg.dll

2014-04-09 19:13 - 2014-01-24 04:37 - 01684928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
 

==================== One Month Modified Files and Folders =======
 

2014-05-07 19:45 - 2014-05-07 19:44 - 00029780 _____ () C:\Users\Natasa und Armin\Desktop\FRST.txt

2014-05-07 19:44 - 2014-05-07 19:44 - 00000000 ____D () C:\FRST

2014-05-07 19:43 - 2011-04-01 21:53 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2014-05-07 19:43 - 2010-06-15 05:23 - 00700134 _____ () C:\Windows\system32\perfh007.dat

2014-05-07 19:43 - 2010-06-15 05:23 - 00149984 _____ () C:\Windows\system32\perfc007.dat

2014-05-07 19:43 - 2009-07-14 07:13 - 01622236 _____ () C:\Windows\system32\PerfStringBackup.INI

2014-05-07 19:42 - 2014-05-07 19:42 - 00000645 _____ () C:\Users\Natasa und Armin\Desktop\FRST64 - Verknüpfung.lnk

2014-05-07 19:41 - 2009-07-14 06:51 - 00092067 _____ () C:\Windows\setupact.log

2014-05-07 19:36 - 2010-06-14 12:51 - 01799110 _____ () C:\Windows\WindowsUpdate.log

2014-05-07 19:35 - 2012-04-08 11:16 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job

2014-05-07 19:35 - 2011-04-01 21:53 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2014-05-06 18:55 - 2014-05-07 19:43 - 01053184 _____ (Farbar) C:\Users\Natasa und Armin\Desktop\FRST.exe

2014-05-06 18:53 - 2014-05-07 19:42 - 02063872 _____ (Farbar) C:\Users\Natasa und Armin\Desktop\FRST64.exe

2014-05-03 22:31 - 2012-05-21 20:28 - 00000000 ____D () C:\ProgramData\DriverGenius

2014-05-03 22:01 - 2009-07-14 06:45 - 00013936 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2014-05-03 22:01 - 2009-07-14 06:45 - 00013936 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2014-05-03 21:52 - 2011-12-14 22:05 - 00000000 ____D () C:\Users\Natasa und Armin\Tracing

2014-05-03 21:51 - 2011-04-01 18:26 - 00000000 ____D () C:\Users\Natasa und Armin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink DVD Suite

2014-05-03 21:50 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT

2014-05-03 08:18 - 2009-07-14 06:45 - 00445752 _____ () C:\Windows\system32\FNTCACHE.DAT

2014-05-02 21:39 - 2010-06-14 13:34 - 00976976 _____ () C:\Windows\PFRO.log

2014-05-01 20:37 - 2014-04-23 13:55 - 00000000 ____D () C:\Program Files (x86)\MyPC Backup

2014-05-01 20:37 - 2011-04-01 18:38 - 00000000 ___RD () C:\Users\Natasa und Armin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup

2014-05-01 20:33 - 2012-05-21 19:57 - 00000000 ____D () C:\Program Files (x86)\DefaultTab

2014-05-01 20:31 - 2011-04-01 18:26 - 00000000 ____D () C:\Users\Natasa und Armin

2014-05-01 20:30 - 2013-09-26 21:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013

2014-05-01 20:30 - 2010-06-14 13:03 - 00000000 ____D () C:\ProgramData\WinClon

2014-05-01 20:30 - 2010-06-14 12:47 - 00000000 ____D () C:\Windows\SysWOW64\x64

2014-05-01 20:30 - 2009-07-14 05:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories

2014-05-01 20:30 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\schemas

2014-05-01 20:29 - 2010-06-15 05:08 - 00000000 ___RD () C:\Users\Public\Recorded TV

2014-05-01 20:29 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\registration

2014-05-01 20:28 - 2011-04-01 22:26 - 00000000 ____D () C:\Users\Natasa und Armin\AppData\Roaming\SoftGrid Client

2014-05-01 20:28 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\PolicyDefinitions

2014-05-01 20:24 - 2013-09-26 21:32 - 00000000 ____D () C:\Program Files\Microsoft Office 15

2014-05-01 16:50 - 2014-05-01 16:50 - 00000000 ___SD () C:\Windows\system32\CompatTel

2014-04-30 21:59 - 2014-04-30 21:59 - 00000000 ____D () C:\Program Files (x86)\pdfforge Toolbar

2014-04-30 21:59 - 2014-04-30 21:59 - 00000000 ____D () C:\Program Files (x86)\Application Updater

2014-04-29 20:59 - 2012-04-08 11:16 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe

2014-04-29 20:59 - 2012-04-08 11:16 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater

2014-04-29 20:59 - 2012-02-22 21:40 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

2014-04-29 16:01 - 2014-05-04 09:25 - 23547904 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll

2014-04-29 15:40 - 2014-05-04 09:24 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb

2014-04-29 14:48 - 2014-05-04 09:24 - 17384448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

2014-04-29 14:34 - 2014-05-04 09:24 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

2014-04-26 23:20 - 2014-03-30 20:32 - 00000000 ____D () C:\Users\Natasa und Armin\Documents\Kabel Deutschland

2014-04-25 06:08 - 2014-04-23 20:18 - 00003662 _____ () C:\Windows\System32\Tasks\DTChk

2014-04-25 06:08 - 2014-01-12 20:39 - 00003894 _____ () C:\Windows\System32\Tasks\DTReg

2014-04-25 06:08 - 2013-08-14 20:43 - 00000306 __RSH () C:\Users\Natasa und Armin\ntuser.pol

2014-04-24 19:08 - 2009-07-14 05:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared

2014-04-23 20:18 - 2014-04-23 20:18 - 00000000 ____D () C:\Users\Public\Util

2014-04-23 14:11 - 2014-04-23 14:11 - 00000000 ____D () C:\Users\Natasa und Armin\AppData\Roaming\Media Player Classic

2014-04-23 14:00 - 2014-04-23 13:57 - 00000000 ____D () C:\Users\Natasa und Armin\AppData\Local\Performersoft

2014-04-23 13:59 - 2014-04-23 13:59 - 00000000 ____D () C:\Users\Natasa und Armin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Jet

2014-04-23 13:56 - 2014-04-23 13:55 - 00000000 ____D () C:\Program Files (x86)\Speed Test 127

2014-04-23 13:55 - 2014-04-23 13:55 - 00001266 _____ () C:\Users\Natasa und Armin\Desktop\Speed Test.lnk

2014-04-23 13:54 - 2014-04-23 13:54 - 01309928 _____ () C:\Users\Natasa und Armin\Downloads\SoftangoDownloader_AndroidSdkRelease21.exe

2014-04-23 13:51 - 2014-04-23 11:50 - 00000000 ____D () C:\Users\Natasa und Armin\Documents\samsung

2014-04-23 12:43 - 2014-04-23 12:43 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_WinUsb_01007.Wdf

2014-04-23 11:51 - 2014-04-23 11:51 - 00000000 ____D () C:\Users\Public\Documents\NativeFus_Log

2014-04-23 11:50 - 2014-04-23 11:50 - 00000000 ____D () C:\Users\Natasa und Armin\AppData\Roaming\Samsung

2014-04-23 11:50 - 2014-04-23 11:50 - 00000000 ____D () C:\Users\Natasa und Armin\AppData\Local\Samsung

2014-04-23 11:49 - 2014-04-23 11:49 - 00002002 _____ () C:\Users\Public\Desktop\Samsung Kies (Lite).lnk

2014-04-23 11:49 - 2014-04-23 11:49 - 00001992 _____ () C:\Users\Public\Desktop\Samsung Kies.lnk

2014-04-23 11:49 - 2010-06-14 12:52 - 00000000 ____D () C:\Program Files (x86)\Samsung

2014-04-23 11:48 - 2014-04-23 11:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MyFree Codec

2014-04-23 11:48 - 2014-04-23 11:48 - 00000000 ____D () C:\Program Files (x86)\MyFree Codec

2014-04-23 11:48 - 2010-06-14 13:02 - 00000000 ____D () C:\ProgramData\SAMSUNG

2014-04-23 11:48 - 2010-06-14 12:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung

2014-04-23 11:47 - 2010-06-14 12:47 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information

2014-04-23 11:44 - 2014-04-23 11:44 - 75397136 _____ (Samsung Electronics Co., Ltd.) C:\Users\Natasa und Armin\Desktop\KiesSetup.exe

2014-04-23 11:44 - 2014-04-23 11:44 - 00000000 ____D () C:\Users\Natasa und Armin\AppData\Local\Downloaded Installations

2014-04-23 09:44 - 2014-04-23 09:44 - 00000000 __SHD () C:\Users\Natasa und Armin\AppData\Local\EmieUserList

2014-04-23 09:44 - 2014-04-23 09:44 - 00000000 __SHD () C:\Users\Natasa und Armin\AppData\Local\EmieSiteList

2014-04-19 21:33 - 2014-04-19 21:33 - 00000000 ____D () C:\Users\Natasa und Armin\AppData\Local\iLivid

2014-04-19 21:32 - 2014-04-19 21:32 - 01759480 _____ (Bandoo Media Inc) C:\Users\Natasa und Armin\Desktop\iLividSetup-r1228-n-bc.exe

2014-04-14 22:59 - 2014-04-14 22:59 - 00000000 ____D () C:\Users\Natasa und Armin\Documents\Hautkrebs

2014-04-14 04:24 - 2014-04-30 22:14 - 00465408 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll

2014-04-14 04:19 - 2014-04-30 22:14 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll

2014-04-10 07:42 - 2013-08-19 08:02 - 00000000 ____D () C:\Windows\system32\MRT

2014-04-10 07:28 - 2011-04-06 21:40 - 90655440 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

2014-04-09 19:20 - 2012-02-11 21:28 - 00002175 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
 

Files to move or delete:

====================

C:\Users\Natasa und Armin\chromeinstall-7u5.exe
 
 

Some content of TEMP:

====================

C:\Users\Natasa und Armin\AppData\Local\Temp\6_Offer_14.exe

C:\Users\Natasa und Armin\AppData\Local\Temp\ApnStub.exe

C:\Users\Natasa und Armin\AppData\Local\Temp\AskSLib.dll

C:\Users\Natasa und Armin\AppData\Local\Temp\avgnt.exe

C:\Users\Natasa und Armin\AppData\Local\Temp\BackupSetup.exe

C:\Users\Natasa und Armin\AppData\Local\Temp\chutil.dll

C:\Users\Natasa und Armin\AppData\Local\Temp\contentDATs.exe

C:\Users\Natasa und Armin\AppData\Local\Temp\DownloadManager.exe

C:\Users\Natasa und Armin\AppData\Local\Temp\FileSystemView.dll

C:\Users\Natasa und Armin\AppData\Local\Temp\iMesh_setup.exe

C:\Users\Natasa und Armin\AppData\Local\Temp\Installhelper.dll

C:\Users\Natasa und Armin\AppData\Local\Temp\install_flashplayer11x64ax_gtbp_chra_aih.exe

C:\Users\Natasa und Armin\AppData\Local\Temp\install_flashplayer11x64ax_gtbp_chra_aih_1.exe

C:\Users\Natasa und Armin\AppData\Local\Temp\jre-6u31-windows-i586-iftw-rv.exe

C:\Users\Natasa und Armin\AppData\Local\Temp\jre-7u11-windows-i586-iftw.exe

C:\Users\Natasa und Armin\AppData\Local\Temp\jre-7u17-windows-i586-iftw.exe

C:\Users\Natasa und Armin\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe

C:\Users\Natasa und Armin\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe

C:\Users\Natasa und Armin\AppData\Local\Temp\jre-7u6-windows-i586-iftw.exe

C:\Users\Natasa und Armin\AppData\Local\Temp\NEWE062.tmp.exe

C:\Users\Natasa und Armin\AppData\Local\Temp\OfficeSetup.exe

C:\Users\Natasa und Armin\AppData\Local\Temp\SecurityScan_Release.exe

C:\Users\Natasa und Armin\AppData\Local\Temp\setup.exe

C:\Users\Natasa und Armin\AppData\Local\Temp\SetupDataMngr_Searchqu.exe

C:\Users\Natasa und Armin\AppData\Local\Temp\SQLite.dll

C:\Users\Natasa und Armin\AppData\Local\Temp\sqlite3.dll

C:\Users\Natasa und Armin\AppData\Local\Temp\SRAssetsHelper.dll

C:\Users\Natasa und Armin\AppData\Local\Temp\vcredist_x64.exe

C:\Users\Natasa und Armin\AppData\Local\Temp\vcredist_x86.exe
 
 

==================== Bamital & volsnap Check =================
 

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\SysWOW64\wininit.exe => MD5 is legit

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\SysWOW64\explorer.exe => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\SysWOW64\svchost.exe => MD5 is legit

C:\Windows\System32\services.exe => MD5 is legit

C:\Windows\System32\User32.dll => MD5 is legit

C:\Windows\SysWOW64\User32.dll => MD5 is legit

C:\Windows\System32\userinit.exe => MD5 is legit

C:\Windows\SysWOW64\userinit.exe => MD5 is legit

C:\Windows\System32\rpcss.dll => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
 

LastRegBack: 2014-04-29 22:07
 

==================== End Of Log ============================

--- --- ---
FRST Additions Logfile:

Code:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 06-05-2014

Ran by Natasa und Armin at 2014-05-07 19:46:25

Running from C:\Users\Natasa und Armin\Desktop

Boot Mode: Normal

==========================================================
 
 

==================== Security Center ========================
 

AV: Avira Desktop (Disabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}

AS: Avira Desktop (Disabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}

AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 

==================== Installed Programs ======================
 

Adobe Flash Player 13 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 13.0.0.206 - Adobe Systems Incorporated)

Adobe Reader 9.2 - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-A92000000001}) (Version: 9.2.0 - Adobe Systems Incorporated)

Apple Application Support (HKLM-x32\...\{AAC5D43E-816D-4C2D-8E51-55FFF35BE301}) (Version: 3.0.1 - Apple Inc.)

Apple Mobile Device Support (HKLM\...\{787136D2-F0F8-4625-AA3F-72D7795AC842}) (Version: 7.1.1.3 - Apple Inc.)

Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)

Ask Shopping Toolbar (HKLM-x32\...\{4F524A00-6A76-A76A-76A7-A758B70C0A06}) (Version: 12.10.6.60 - APN, LLC) <==== ATTENTION

Atheros Client Installation Program (HKLM-x32\...\{D1434266-0486-4469-B338-A60082CC04E1}) (Version: 1.0.2.1119 - Atheros)

Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.3.350 - Avira)

Babylon toolbar on IE (HKLM-x32\...\BabylonToolbar) (Version:  - ) <==== ATTENTION

BatteryLifeExtender (HKLM-x32\...\{74A579FB-EB06-497D-B194-01590D6FE51A}) (Version: 1.0.5 - Samsung)

Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)

Cake Mania (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111199750}) (Version:  - Oberon Media)

CyberLink DVD Suite (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 6.0.2806 - CyberLink Corp.)

CyberLink DVD Suite (x32 Version: 6.0.2806 - CyberLink Corp.) Hidden

CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.1916 - CyberLink Corp.)

CyberLink LabelPrint (x32 Version: 2.5.1916 - CyberLink Corp.) Hidden

CyberLink Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.0.3108a - CyberLink Corp.)

CyberLink Power2Go (x32 Version: 6.0.3108a - CyberLink Corp.) Hidden

CyberLink PowerDirector (HKLM-x32\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 7.0.3213 - CyberLink Corp.)

CyberLink PowerDirector (x32 Version: 7.0.3213 - CyberLink Corp.) Hidden

CyberLink PowerDVD 8 (HKLM-x32\...\InstallShield_{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}) (Version: 8.0.2815b - CyberLink Corp.)

CyberLink PowerDVD 8 (x32 Version: 8.0.2815b - CyberLink Corp.) Hidden

CyberLink PowerProducer (HKLM-x32\...\InstallShield_{B7A0CE06-068E-11D6-97FD-0050BACBF861}) (Version: 5.0.1.1812 - CyberLink Corp.)

CyberLink PowerProducer (x32 Version: 5.0.1.1812 - CyberLink Corp.) Hidden

CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 2.0.3625 - CyberLink Corp.)

CyberLink YouCam (x32 Version: 2.0.3625 - CyberLink Corp.) Hidden

Defaulttab (HKLM-x32\...\DefaultTab) (Version: 2.5.0.0 - Search Results, LLC) <==== ATTENTION

DefaultTab Chrome (HKLM-x32\...\DefaultTab Chrome) (Version: 1.1.14 - ) <==== ATTENTION

Delta Chrome Toolbar (HKLM-x32\...\Delta Chrome Toolbar) (Version:  - Visual Tools) <==== ATTENTION

Delta toolbar   (HKLM-x32\...\delta) (Version: 1.8.10.0 - Delta) <==== ATTENTION

Driver Genius Professional Edition (HKLM-x32\...\Driver Genius Professional Edition_is1) (Version: 11.0 - Driver-Soft Inc.)

Easy Display Manager (HKLM-x32\...\{17283B95-21A8-4996-97DA-547A48DB266F}) (Version: 3.0 - Samsung Electronics Co., Ltd.)

Easy Network Manager (HKLM-x32\...\{34B76DCB-BF7C-440F-B058-C84172C1E338}) (Version: 4.2.8 - Samsung)

Easy SpeedUp Manager (HKLM-x32\...\{EF367AA4-070B-493C-9575-85BE59D789C9}) (Version: 3.0.0.5 - Samsung Electronics Co.,Ltd.)

EasyBatteryManager (HKLM-x32\...\{178EE5F4-0F86-4BF0-A0D1-9790AFF409D1}) (Version: 4.0.0.3 - Samsung)

ElsterFormular 2008/2009 (HKLM-x32\...\{04830D0F-F980-4EC0-89F1-594F2FD2A1B5}) (Version: 10.2.1.0 - Steuerverwaltung des Bundes und der Länder)

ElsterFormular-Upgrade (HKLM-x32\...\ElsterFormular 11.5.1.4843) (Version: 15.0.13587 - Landesfinanzdirektion Thüringen)

Facemoods Toolbar (HKLM-x32\...\facemoods) (Version:  - ) <==== ATTENTION

FileOpen Client (x64) (HKLM\...\{ABC082A6-A587-493C-83C1-5F2C60A8BAA8}) (Version: 3.0.47.900 - FileOpen Systems, Inc.)

Flip Words (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110109903}) (Version:  - Oberon Media)

FoxTab Music Converter (HKCU\...\FoxTab Music Converter) (Version:  - ) <==== ATTENTION

Free 3GP Video Converter version 5.0.6.221 (HKLM-x32\...\Free 3GP Video Converter_is1) (Version: 5.0.6.221 - DVDVideoSoft Ltd.)

Galapago (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111307457}) (Version:  - Oberon Media)

Game Pack (HKLM-x32\...\{D1F6FBBB-B204-459A-9BF8-D06FFAB96CCC}_is1) (Version: 6.3.1.1 - Oberon Media, Inc.)

Gem Shop (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110521483}) (Version:  - Oberon Media)

Google Chrome (HKLM-x32\...\Google Chrome) (Version: 34.0.1847.116 - Google Inc.)

Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)

Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden

Google Update Helper (x32 Version: 1.3.23.9 - Google Inc.) Hidden

iLivid (HKLM-x32\...\iLivid) (Version: 1.92 - Bandoo Media Inc) <==== ATTENTION

Insaniquarium Deluxe (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110245793}) (Version:  - Oberon Media)

Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.15.10.2202 - Intel Corporation)

Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version:  - Intel Corporation)

iTunes (HKLM\...\{B8BA155B-1E75-405F-9CB4-8A99615D09DC}) (Version: 11.1.5.5 - Apple Inc.)

Java 7 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217017FF}) (Version: 7.0.450 - Oracle)

Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden

Java(TM) 7 Update 5 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217005F0}) (Version: 7.0.50 - Oracle)

Junk Mail filter update (x32 Version: 14.0.8089.726 - Microsoft Corporation) Hidden

K-Lite Codec Pack 7.0.0 (Standard) (HKLM-x32\...\KLiteCodecPack_is1) (Version: 7.0.0 - )

Mahjong Escape Ancient China (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111252743}) (Version:  - Oberon Media)

Marvell Miniport Driver (HKLM-x32\...\Marvell Miniport Driver) (Version: 11.22.3.3 - Marvell)

Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden

Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)

Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)

Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden

Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden

Microsoft Choice Guard (x32 Version: 2.0.48.0 - Microsoft Corporation) Hidden

Microsoft Office Klick-und-Los 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)

Microsoft Office Klick-und-Los 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden

Microsoft Office Professional Plus 2013 - de-de (HKLM\...\ProPlusRetail - de-de) (Version: 15.0.4605.1003 - Microsoft Corporation)

Microsoft Office Starter 2010 - Deutsch (HKLM-x32\...\{90140011-0066-0407-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)

Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)

Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)

MSVCRT (x32 Version: 14.0.1468.721 - Microsoft) Hidden

MyFreeCodec (HKCU\...\MyFreeCodec) (Version:  - )

Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4605.1003 - Microsoft Corporation) Hidden

Office 15 Click-to-Run Licensing Component (Version: 15.0.4605.1003 - Microsoft Corporation) Hidden

Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4605.1003 - Microsoft Corporation) Hidden

PDF reDirect (remove only) (HKLM-x32\...\PDF reDirect) (Version: v2.5.2 - EXP Systems LLC)

PDFCreator (HKLM-x32\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.2.3 - Frank Heindörfer, Philip Chinery)

pdfforge Toolbar v9.1 (HKLM-x32\...\{E5E7189A-197A-4BC9-9548-083415C04E72}) (Version: 9.1 - Spigot, Inc.) <==== ATTENTION

PriceGong 2.5.4 (HKLM-x32\...\PriceGong) (Version: 2.5.4 - PriceGong) <==== ATTENTION

Productivity 3.1 Toolbar (HKLM-x32\...\Productivity_3.1 Toolbar) (Version: 6.8.2.0 - Productivity 3.1)

Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6003 - Realtek Semiconductor Corp.)

Samsung Kies (HKLM-x32\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.6.2.14014_7 - Samsung Electronics Co., Ltd.)

Samsung Kies (x32 Version: 2.6.2.14014_7 - Samsung Electronics Co., Ltd.) Hidden

Samsung Recovery Solution 4 (HKLM-x32\...\{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}) (Version: 4.0.0.6 - Samsung)

Samsung Support Center (HKLM-x32\...\{F687E657-F636-44DF-8125-9FEEA2C362F5}) (Version: 1.0.2 - Samsung)

Samsung Update Plus (HKLM-x32\...\{D3F2FAA5-FEC4-42AA-9ABA-1F763919A2B5}) (Version: 2.0 - Samsung Electronics Co., Ltd.)

SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.33.0 - SAMSUNG Electronics Co., Ltd.)

Searchqu Toolbar (HKLM-x32\...\Searchqu Toolbar) (Version: 3.0.0.122375 - Bandoo Media Inc) <==== ATTENTION

Skype Click to Call (HKLM-x32\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 5.8.8855 - Skype Technologies S.A.)

Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)

Slingo (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110160733}) (Version:  - Oberon Media)

Smart PC Cleaner v3.0 (HKLM-x32\...\Smart PC Cleaner_is1) (Version: 3.0 - Avanquest Software)

Softonic toolbar  on IE and Chrome (HKLM-x32\...\Softonic) (Version:  - Softonic) <==== ATTENTION

SopCast 3.2.9 (HKLM-x32\...\SopCast) (Version: 3.2.9 - SopCast - Free P2P internet TV | live football, NBA, cricket)

Speed Test 127 (HKLM-x32\...\Speed Test 127) (Version: 3.0.0.0 - Speed Analysis) <==== ATTENTION

SweetIM for Messenger 3.6 (HKLM-x32\...\{0D5BBB2B-F044-46C3-877B-6A6BE1E08D19}) (Version: 3.6.0003 - SweetIM Technologies Ltd.) <==== ATTENTION

SweetIM Toolbar for Internet Explorer 4.2 (HKLM-x32\...\{A7BC02AF-1128-4A31-BCF8-1A3EE803D3B3}) (Version: 4.2.0004 - SweetIM Technologies Ltd.) <==== ATTENTION

Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.0.10.0 - Synaptics Incorporated)

Updater Service (HKLM-x32\...\Updater Service) (Version: 15,9,28,27 - ) <==== ATTENTION

User Guide (HKLM-x32\...\{BAE68339-B0F6-4D33-9554-5A3DB2DFF5DA}) (Version: 1.0 - )

VideoPerformer (HKLM-x32\...\VideoPerformer) (Version:  - PerformerSoft LLC) <==== ATTENTION

vShare.tv plugin 1.3 (HKLM-x32\...\vShare.tv plugin) (Version: 1.3 - vShare.tv, Inc.) <==== ATTENTION

Wincore MediaBar (HKLM-x32\...\Wincore MediaBar) (Version: 3.0.0.118597 - iMesh Inc.) <==== ATTENTION

Windows Live Anmelde-Assistent (HKLM-x32\...\{52B97218-98CB-4B8B-9283-D213C85E1AA4}) (Version: 5.000.818.5 - Microsoft Corporation)

Windows Live Call (x32 Version: 14.0.8064.0206 - Microsoft Corporation) Hidden

Windows Live Communications Platform (x32 Version: 14.0.8064.206 - Microsoft Corporation) Hidden

Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8089.0726 - Microsoft Corporation)

Windows Live Essentials (x32 Version: 14.0.8089.726 - Microsoft Corporation) Hidden

Windows Live Family Safety (Version: 14.0.8093.805 - Microsoft Corporation) Hidden

Windows Live Fotogalerie (x32 Version: 14.0.8081.709 - Microsoft Corporation) Hidden

Windows Live Mail (x32 Version: 14.0.8089.0726 - Microsoft Corporation) Hidden

Windows Live Messenger (x32 Version: 14.0.8089.0726 - Microsoft Corporation) Hidden

Windows Live Movie Maker (x32 Version: 14.0.8091.0730 - Microsoft Corporation) Hidden

Windows Live Sync (HKLM-x32\...\{76618402-179D-4699-A66B-D351C59436BC}) (Version: 14.0.8089.726 - Microsoft Corporation)

Windows Live Writer (x32 Version: 14.0.8089.0726 - Microsoft Corporation) Hidden

Windows Live-Uploadtool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
 

==================== Restore Points  =========================
 

24-04-2014 17:04:19 Windows Update

01-05-2014 14:48:33 Windows Update

01-05-2014 14:59:48 Windows Update

01-05-2014 18:20:19 Wiederherstellungsvorgang

04-05-2014 07:24:27 Windows Update
 

==================== Hosts content: ==========================
 

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
 

==================== Scheduled Tasks (whitelisted) =============
 

Task: {0D67FB2C-AC4F-4260-9085-C0CCEE9C6DF6} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe

Task: {0E770F45-7A8B-4EF9-835C-D58A42D868A8} - System32\Tasks\SUPBackground => C:\Program Files\Samsung\Samsung Update Plus\SUPBackground.exe

Task: {15C1B4F0-73D1-40C4-A315-5F7532A74279} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-04-01] (Google Inc.)

Task: {3CF0F8BD-65CE-474F-94AA-205D2476E229} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2014-03-30] (Microsoft Corporation)

Task: {3F5032B5-1ACA-40ED-8E8C-85E2E91F503E} - System32\Tasks\EasyDisplayMgr => C:\Program Files (x86)\Samsung\Easy Display Manager\dmhkcore.exe [2009-12-17] (Samsung Electronics Co., Ltd.)

Task: {452259E0-3563-4448-B8E5-93821FECFE10} - System32\Tasks\DTChk => C:\Users\Public\Util\DTChk.exe [2014-04-23] (Search Results, LLC)

Task: {71BF75CB-A622-4225-B685-B4CDDFB9CB4A} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe

Task: {74FC7394-AF00-4927-A35D-0AB7558ED453} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-04-29] (Adobe Systems Incorporated)

Task: {8C486767-AED4-465E-A7E4-4C5C97BD3CD1} - System32\Tasks\advSRS4 => C:\Program Files (x86)\Samsung\Samsung Recovery Solution 4\WCScheduler.exe [2010-01-19] (SEC)

Task: {9C4C3911-9E15-438F-9EC7-93D502D9BDCB} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-04-01] (Google Inc.)

Task: {A16FE5B0-0B6A-4D96-9CFE-F132C800A855} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)

Task: {C4F7CA60-F41B-4DFA-87D2-BB4E955248C6} - System32\Tasks\EasyBatteryManager => C:\Program Files (x86)\Samsung\EasyBatteryManager\EasyBatteryMgr4.exe [2009-10-16] (SAMSUNG Electronics co., LTD.)

Task: {D1633233-AD77-479B-BD77-7E40B0A12CF2} - System32\Tasks\DTReg => C:\Windows\system32\config\systemprofile\AppData\Roaming\DefaultTab\DefaultTab\DTReg.exe <==== ATTENTION

Task: {D5F3117C-6EA6-45D1-B3CA-6FB138FA81EC} - System32\Tasks\EasySpeedUpManager => C:\Program Files (x86)\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe [2009-10-13] (Samsung Electronics Co., Ltd.)

Task: {DD742FD1-D09A-4E3F-95D9-28D4B15112E0} - System32\Tasks\SamsungSupportCenter => C:\Program Files (x86)\Samsung\Samsung Support Center\SSCKbdHk.exe [2010-05-06] (SAMSUNG Electronics)

Task: {EEA2A079-7FCE-4ABB-BDD3-F8D69CC2F2C0} - System32\Tasks\BatteryLifeExtender => C:\Program Files (x86)\Samsung\BatteryLifeExtender\BatteryLifeExtender.exe [2010-06-01] (Samsung Electronics. Co. Ltd.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 

==================== Loaded Modules (whitelisted) =============
 

2010-06-06 16:20 - 2010-06-06 16:20 - 00065344 _____ () C:\Windows\System32\PDFreDirectMon64.dll

2012-01-29 13:55 - 2005-03-12 02:07 - 00087040 _____ () C:\Windows\System32\pdfcmnnt.dll

2013-02-19 21:41 - 2013-02-19 21:40 - 00633208 _____ () C:\ProgramData\IBUpdaterService\ibsvc.exe

2010-06-14 12:58 - 2009-07-07 20:23 - 00247152 ____N () C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe

2013-04-02 20:23 - 2013-04-01 10:25 - 00397704 _____ () C:\Program Files (x86)\Avira\AntiVir Desktop\sqlite3.dll

2010-06-14 13:02 - 2006-08-12 05:48 - 00049152 _____ () C:\Program Files (x86)\Samsung\Easy Display Manager\HookDllPS2.dll

2014-02-12 21:58 - 2014-02-12 21:58 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll

2014-02-12 21:58 - 2014-02-12 21:58 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll

2014-04-09 19:20 - 2014-04-02 03:57 - 00065352 _____ () C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\chrome_elf.dll

2014-04-09 19:20 - 2014-04-02 03:57 - 00674632 _____ () C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\libglesv2.dll

2014-04-09 19:20 - 2014-04-02 03:57 - 00093000 _____ () C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\libegl.dll

2014-04-09 19:20 - 2014-04-02 03:57 - 04081480 _____ () C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\pdf.dll

2014-04-09 19:20 - 2014-04-02 03:58 - 00390472 _____ () C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\ppGoogleNaClPluginChrome.dll

2014-04-09 19:20 - 2014-04-02 03:57 - 01647432 _____ () C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\ffmpegsumo.dll

2005-10-23 13:35 - 2005-10-23 13:35 - 01855488 _____ () C:\Program Files (x86)\PDF reDirect\bin\gsdll32.dll

2009-10-03 03:18 - 2009-10-03 03:18 - 07569408 _____ () c:\program files (x86)\adobe\reader 9.0\reader\rdlang32.deu

2009-02-27 17:40 - 2009-02-27 17:40 - 01712128 _____ () C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Annots.DEU

2014-04-09 19:20 - 2014-04-02 03:58 - 13691720 _____ () C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\PepperFlash\pepflashplayer.dll
 

==================== Alternate Data Streams (whitelisted) =========
 

AlternateDataStreams: C:\ProgramData\Temp:2430E4FC

AlternateDataStreams: C:\ProgramData\Temp:268F887D
 

==================== Safe Mode (whitelisted) ===================
 
 

==================== EXE Association (whitelisted) =============
 
 

==================== Disabled items from MSCONFIG ==============
 
 

==================== Faulty Device Manager Devices =============
 

Name: TSSTcorp CDDVDW TS-L633J

Description: CD-ROM-Laufwerk

Class Guid: {4d36e965-e325-11ce-bfc1-08002be10318}

Manufacturer: (Standard-CD-ROM-Laufwerke)

Service: cdrom

Problem: : Windows cannot start this hardware device because its configuration information (in the registry) is incomplete or damaged. (Code 19)

Resolution: A registry problem was detected.

 This can occur when more than one service is defined for a device, if there is a failure opening the service subkey, or if the driver name cannot be obtained from the service subkey. Try these options:

On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Click "Uninstall", and then click "Scan for hardware changes" to load a usable driver.
 
 

==================== Event log errors: =========================
 

Application errors:

==================

Error: (05/05/2014 09:54:54 PM) (Source: Bonjour Service) (User: ) (EventID: 100)

Description: Task Scheduling Error: m->NextScheduledSPRetry 5601
 

Error: (05/05/2014 09:54:54 PM) (Source: Bonjour Service) (User: ) (EventID: 100)

Description: Task Scheduling Error: m->NextScheduledEvent 5601
 

Error: (05/05/2014 09:54:54 PM) (Source: Bonjour Service) (User: ) (EventID: 100)

Description: Task Scheduling Error: Continuously busy for more than a second
 

Error: (05/05/2014 09:54:53 PM) (Source: Bonjour Service) (User: ) (EventID: 100)

Description: Task Scheduling Error: m->NextScheduledSPRetry 4524
 

Error: (05/05/2014 09:54:53 PM) (Source: Bonjour Service) (User: ) (EventID: 100)

Description: Task Scheduling Error: m->NextScheduledEvent 4524
 

Error: (05/05/2014 09:54:53 PM) (Source: Bonjour Service) (User: ) (EventID: 100)

Description: Task Scheduling Error: Continuously busy for more than a second
 

Error: (05/05/2014 09:54:51 PM) (Source: Bonjour Service) (User: ) (EventID: 100)

Description: Task Scheduling Error: m->NextScheduledSPRetry 2949
 

Error: (05/05/2014 09:54:51 PM) (Source: Bonjour Service) (User: ) (EventID: 100)

Description: Task Scheduling Error: m->NextScheduledEvent 2949
 

Error: (05/05/2014 09:54:51 PM) (Source: Bonjour Service) (User: ) (EventID: 100)

Description: Task Scheduling Error: Continuously busy for more than a second
 

Error: (05/05/2014 09:54:50 PM) (Source: Bonjour Service) (User: ) (EventID: 100)

Description: Task Scheduling Error: m->NextScheduledSPRetry 1155
 
 

System errors:

=============

Error: (05/05/2014 07:48:41 PM) (Source: Service Control Manager) (User: ) (EventID: 7023)

Description: Der Dienst "DefaultTabUpdate" wurde mit folgendem Fehler beendet: 

%%5
 

Error: (05/03/2014 09:54:05 PM) (Source: Service Control Manager) (User: ) (EventID: 7034)

Description: Dienst "DefaultTabSearch" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.
 

Error: (05/03/2014 09:54:05 PM) (Source: Service Control Manager) (User: ) (EventID: 7026)

Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: 

cdrom
 

Error: (05/03/2014 09:52:05 PM) (Source: Service Control Manager) (User: ) (EventID: 7023)

Description: Der Dienst "DefaultTabUpdate" wurde mit folgendem Fehler beendet: 

%%5
 

Error: (05/03/2014 09:51:57 PM) (Source: Service Control Manager) (User: ) (EventID: 7000)

Description: Der Dienst "Microsoft Office-Klick-und-Los-Dienst" wurde aufgrund folgenden Fehlers nicht gestartet: 

%%1053
 

Error: (05/03/2014 09:51:57 PM) (Source: Service Control Manager) (User: ) (EventID: 7009)

Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Microsoft Office-Klick-und-Los-Dienst erreicht.
 

Error: (05/03/2014 01:18:46 PM) (Source: Service Control Manager) (User: ) (EventID: 7034)

Description: Dienst "DefaultTabSearch" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.
 

Error: (05/03/2014 01:18:39 PM) (Source: Service Control Manager) (User: ) (EventID: 7026)

Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: 

cdrom
 

Error: (05/03/2014 01:17:29 PM) (Source: Service Control Manager) (User: ) (EventID: 7023)

Description: Der Dienst "DefaultTabUpdate" wurde mit folgendem Fehler beendet: 

%%5
 

Error: (05/03/2014 08:50:37 AM) (Source: Service Control Manager) (User: ) (EventID: 7026)

Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: 

cdrom
 
 

Microsoft Office Sessions:

=========================

Error: (05/05/2014 09:54:54 PM) (Source: Bonjour Service) (User: ) (EventID: 100)

Description: Task Scheduling Error: m->NextScheduledSPRetry 5601
 

Error: (05/05/2014 09:54:54 PM) (Source: Bonjour Service) (User: ) (EventID: 100)

Description: Task Scheduling Error: m->NextScheduledEvent 5601
 

Error: (05/05/2014 09:54:54 PM) (Source: Bonjour Service) (User: ) (EventID: 100)

Description: Task Scheduling Error: Continuously busy for more than a second
 

Error: (05/05/2014 09:54:53 PM) (Source: Bonjour Service) (User: ) (EventID: 100)

Description: Task Scheduling Error: m->NextScheduledSPRetry 4524
 

Error: (05/05/2014 09:54:53 PM) (Source: Bonjour Service) (User: ) (EventID: 100)

Description: Task Scheduling Error: m->NextScheduledEvent 4524
 

Error: (05/05/2014 09:54:53 PM) (Source: Bonjour Service) (User: ) (EventID: 100)

Description: Task Scheduling Error: Continuously busy for more than a second
 

Error: (05/05/2014 09:54:51 PM) (Source: Bonjour Service) (User: ) (EventID: 100)

Description: Task Scheduling Error: m->NextScheduledSPRetry 2949
 

Error: (05/05/2014 09:54:51 PM) (Source: Bonjour Service) (User: ) (EventID: 100)

Description: Task Scheduling Error: m->NextScheduledEvent 2949
 

Error: (05/05/2014 09:54:51 PM) (Source: Bonjour Service) (User: ) (EventID: 100)

Description: Task Scheduling Error: Continuously busy for more than a second
 

Error: (05/05/2014 09:54:50 PM) (Source: Bonjour Service) (User: ) (EventID: 100)

Description: Task Scheduling Error: m->NextScheduledSPRetry 1155
 
 

==================== Memory info =========================== 
 

Percentage of memory in use: 72%

Total physical RAM: 3032.61 MB

Available physical RAM: 819.88 MB

Total Pagefile: 6063.4 MB

Available Pagefile: 3587.43 MB

Total Virtual: 8192 MB

Available Virtual: 8191.85 MB
 

==================== Drives ================================
 

Drive c: () (Fixed) (Total:106.39 GB) (Free:17 GB) NTFS

Drive d: () (Fixed) (Total:106.39 GB) (Free:106.22 GB) NTFS
 

==================== MBR & Partition Table ==================
 

========================================================

Disk: 0 (Size: 233 GB) (Disk ID: EA9CBF94)

Partition 1: (Not Active) - (Size=20 GB) - (Type=27)

Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)

Partition 3: (Not Active) - (Size=106 GB) - (Type=07 NTFS)

Partition 4: (Not Active) - (Size=106 GB) - (Type=07 NTFS)
 

==================== End Of Log ============================

--- --- ---

Hallo schrauber, hier die neuesten Ergebnisse.

Bei dem Programm Malwarebytes Anti-Malware hat das Programm zwar sauber gearbeitet und einiges in die Quarantäne verschoben, allerdings kann ich aus irgendeinem Grund keine Log-Datei erstellen (Hinweis: "Programm arbeitet nicht mehr richtig"). Ich hoffe, es geht auch so, ansonsten habe ich alles gemacht wie Du geschrieben hast.

Code:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Junkware Removal Tool (JRT) by Thisisu

Version: 6.1.4 (04.06.2014:1)

OS: Windows 7 Home Premium x64

Ran by Natasa und Armin on 10.05.2014 at 21:52:37,21

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 

~~~ Services
 
 
 

~~~ Registry Values
 

Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{98889811-442D-49dd-99D7-DC866BE87DBC}
 
 
 

~~~ Registry Keys
 

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\datamngrui_rasapi32

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\datamngrui_rasmancs

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\facemoodssrv_rasapi32

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\facemoodssrv_rasmancs

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\ilividsetupv1_rasapi32

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\ilividsetupv1_rasmancs

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\mybabylontb_rasapi32

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\mybabylontb_rasmancs

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\searchqumediabar_rasapi32

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\searchqumediabar_rasmancs

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\setupdatamngr_searchqu_rasapi32

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\setupdatamngr_searchqu_rasmancs

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\softonic_ggl_1_rasapi32

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\softonic_ggl_1_rasmancs

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\sweetim_rasapi32

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\sweetim_rasmancs

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\sweetimsetup_rasapi32

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\sweetimsetup_rasmancs

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Toolbar.CT3008668

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\AskInstallChecker-1_RASAPI32

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\AskInstallChecker-1_RASMANCS

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\TaskScheduler_RASAPI32

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\TaskScheduler_RASMANCS

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\SoftonicDownloader_fuer_pdf-redirect_RASAPI32

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\SoftonicDownloader_fuer_pdf-redirect_RASMANCS

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\AskInstallChecker-1_RASAPI32

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\AskInstallChecker-1_RASMANCS

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\TaskScheduler_RASAPI32

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\TaskScheduler_RASMANCS

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\SoftonicDownloader_fuer_pdf-redirect_RASAPI32

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\SoftonicDownloader_fuer_pdf-redirect_RASMANCS

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{2AC7BFEC-F8CD-44A3-ADC0-78CC5D23D02B}

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{9962BC7F-055B-4874-B15F-6FAFE1A6DC48}

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{EB27DE47-EACD-4002-9C27-003649C0FC2C}

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2EECD738-5844-4A99-B4B6-146BF802613B}

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9427041A-A8DC-4D06-9A68-93873486E957}

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B922D405-6D13-4A2B-AE89-08A030DA4402}

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BE7A24F5-69CB-4708-B77B-B1EDA6043B95}
 
 
 

~~~ Files
 
 
 

~~~ Folders
 
 
 

~~~ Chrome
 

Successfully deleted: [Folder] C:\Users\Natasa und Armin\appdata\local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\pgafcinpmmpklohkojmllohdhomoefph
 
 
 

~~~ Event Viewer Logs were cleared
 
 
 
 
 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Scan was completed on 10.05.2014 at 21:59:15,08

End of JRT log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

# AdwCleaner v3.207 - Bericht erstellt am 10/05/2014 um 21:41:45
# Aktualisiert 05/05/2014 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzername : Natasa und Armin - SCHROEDER
# Gestartet von : C:\Users\Natasa und Armin\Desktop\adwcleaner.exe
# Option : Suchen

***** [ Dienste ] *****

Dienst Gefunden : Application Updater

***** [ Dateien / Ordner ] *****

Datei Gefunden : C:\Users\Natasa und Armin\Desktop\Free Animated Desktop Wallpaper.lnk
Datei Gefunden : C:\Users\Natasa und Armin\Desktop\Free Whales ScreenSaver.lnk
Datei Gefunden : C:\Users\NATASA~1\AppData\Local\Temp\Searchqu.ini
Datei Gefunden : C:\Windows\System32\Tasks\DTReg
Ordner Gefunden : C:\Program Files (x86)\~BabylonToolbar
Ordner Gefunden : C:\Program Files (x86)\Application Updater
Ordner Gefunden : C:\Program Files (x86)\Common Files\DVDVideoSoft\TB
Ordner Gefunden : C:\Program Files (x86)\Common Files\Spigot
Ordner Gefunden : C:\Program Files (x86)\Conduit
Ordner Gefunden : C:\Program Files (x86)\driver-soft
Ordner Gefunden : C:\Program Files (x86)\file scout
Ordner Gefunden : C:\Program Files (x86)\Free Offers from Freeze.com
Ordner Gefunden : C:\Program Files (x86)\iMesh Applications
Ordner Gefunden : C:\Program Files (x86)\MyPC Backup
Ordner Gefunden : C:\Program Files (x86)\Productivity_3.1
Ordner Gefunden : C:\Program Files (x86)\SweetIM
Ordner Gefunden : C:\ProgramData\Ask
Ordner Gefunden : C:\ProgramData\Babylon
Ordner Gefunden : C:\ProgramData\Partner
Ordner Gefunden : C:\ProgramData\SweetIM
Ordner Gefunden : C:\ProgramData\Tarma Installer
Ordner Gefunden : C:\Users\Natasa und Armin\AppData\Local\Conduit
Ordner Gefunden : C:\Users\Natasa und Armin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bcjagnifjocnddgeknajocbkkhlgibem
Ordner Gefunden : C:\Users\Natasa und Armin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfcpnihmbfoaeoakalclfalkdepgiaje
Ordner Gefunden : C:\Users\Natasa und Armin\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc
Ordner Gefunden : C:\Users\Natasa und Armin\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpionmjnkbpcdpcflammlgllecmejgjj
Ordner Gefunden : C:\Users\Natasa und Armin\AppData\Local\iLivid
Ordner Gefunden : C:\Users\Natasa und Armin\AppData\Local\Ilivid Player
Ordner Gefunden : C:\Users\Natasa und Armin\AppData\Local\iMesh
Ordner Gefunden : C:\Users\Natasa und Armin\AppData\Local\PackageAware
Ordner Gefunden : C:\Users\Natasa und Armin\AppData\Local\PerformerSoft
Ordner Gefunden : C:\Users\Natasa und Armin\AppData\LocalLow\Conduit
Ordner Gefunden : C:\Users\Natasa und Armin\AppData\LocalLow\DataMngr
Ordner Gefunden : C:\Users\Natasa und Armin\AppData\LocalLow\mediabarim
Ordner Gefunden : C:\Users\Natasa und Armin\AppData\LocalLow\pdfforge
Ordner Gefunden : C:\Users\Natasa und Armin\AppData\LocalLow\PriceGong
Ordner Gefunden : C:\Users\Natasa und Armin\AppData\LocalLow\Productivity_3.1
Ordner Gefunden : C:\Users\Natasa und Armin\AppData\LocalLow\Search Settings
Ordner Gefunden : C:\Users\Natasa und Armin\AppData\LocalLow\Searchqutoolbar
Ordner Gefunden : C:\Users\Natasa und Armin\AppData\LocalLow\SweetIM
Ordner Gefunden : C:\Users\Natasa und Armin\AppData\LocalLow\wincoreimband
Ordner Gefunden : C:\Users\Natasa und Armin\AppData\Roaming\BabSolution
Ordner Gefunden : C:\Users\Natasa und Armin\AppData\Roaming\Babylon
Ordner Gefunden : C:\Users\Natasa und Armin\AppData\Roaming\DefaultTab
Ordner Gefunden : C:\Users\Natasa und Armin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BrowserProtect
Ordner Gefunden : C:\Users\Natasa und Armin\AppData\Roaming\pdfforge
Ordner Gefunden : C:\Users\Natasa und Armin\AppData\Roaming\PerformerSoft
Ordner Gefunden : C:\Users\Natasa und Armin\AppData\Roaming\SpecialSavings
Ordner Gefunden : C:\Users\Natasa und Armin\AppData\Roaming\Systweak
Ordner Gefunden : C:\Users\NATASA~1\AppData\Local\Temp\AskSearch
Ordner Gefunden : C:\Users\NATASA~1\AppData\Local\Temp\BabylonToolbar
Ordner Gefunden : C:\Users\NATASA~1\AppData\Local\Temp\mt_ffx

***** [ Verknüpfungen ] *****

***** [ Registrierungsdatenbank ] *****

Schlüssel Gefunden : HKCU\Software\5a48fdcb33bba44
Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\Conduit
Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\mediabarim
Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\pdfforge
Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\Productivity_3.1
Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\Search Settings
Schlüssel Gefunden : HKCU\Software\AppDataLow\Toolbar
Schlüssel Gefunden : HKCU\Software\filescout
Schlüssel Gefunden : HKCU\Software\Imesh
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\babylon.com
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\MenuExt\Web-Suche
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD21}
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8F97BFF8-488B-4107-BCEE-B161AB4E4183}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{B922D405-6D13-4A2B-AE89-08A030DA4402}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{BE7A24F5-69CB-4708-B77B-B1EDA6043B95}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A1B48071-416D-474E-A13B-BE5456E7FC31}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B922D405-6D13-4A2B-AE89-08A030DA4402}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BE7A24F5-69CB-4708-B77B-B1EDA6043B95}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Schlüssel Gefunden : HKCU\Software\pdfforge
Schlüssel Gefunden : HKCU\Software\PerformerSoft
Schlüssel Gefunden : HKCU\Software\performersoft llc
Schlüssel Gefunden : HKCU\Software\Search Settings
Schlüssel Gefunden : HKCU\Software\StartSearch
Schlüssel Gefunden : HKCU\Software\vShare.tv
Schlüssel Gefunden : HKCU64\Software\filescout
Schlüssel Gefunden : HKCU64\Software\Imesh
Schlüssel Gefunden : HKCU64\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Schlüssel Gefunden : HKCU64\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}
Schlüssel Gefunden : HKCU64\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD21}
Schlüssel Gefunden : HKCU64\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Schlüssel Gefunden : HKCU64\Software\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
Schlüssel Gefunden : HKCU64\Software\pdfforge
Schlüssel Gefunden : HKCU64\Software\PerformerSoft
Schlüssel Gefunden : HKCU64\Software\performersoft llc
Schlüssel Gefunden : HKCU64\Software\Search Settings
Schlüssel Gefunden : HKCU64\Software\StartSearch
Schlüssel Gefunden : HKCU64\Software\vShare.tv
Schlüssel Gefunden : HKLM\SOFTWARE\5a48fdcb33bba44
Schlüssel Gefunden : HKLM\Software\Application Updater
Schlüssel Gefunden : HKLM\Software\Babylon
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\*\shell\filescout
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{5B1881D1-D9C7-46DF-B041-1E593282C7D0}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{7ABBFE1C-E485-44AA-8F36-353751B4124D}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\PropertySync.EXE
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\secman.DLL
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\WLXQuickTimeShellExt.DLL
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Applications\ilividsetupv1.exe
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Applications\iMesh_V11_en_Setup.exe
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Applications\iMeshV11.exe
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Babylon.dskBnd
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Babylon.dskBnd.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\bbylnApp.appCore
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\bbylnApp.appCore.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{059EACC2-1ABE-49E8-928D-DC8BD355B7A9}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{9E393F82-2644-4AB6-B994-1AD39D6C59EE}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{A9379648-F6EB-4F65-A624-1C10411A15D0}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{F16AB1DB-15C0-4456-A29E-4DF24FB9E3D2}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\MediaPlayer.GraphicsUtils
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\MediaPlayer.GraphicsUtils.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\MgMediaPlayer.GifAnimator
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\MgMediaPlayer.GifAnimator.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Prod.cap
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\secman.OutlookSecurityManager
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\secman.OutlookSecurityManager.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\SWEETIE.IEToolbar
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\SWEETIE.IEToolbar.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Toolbar.CT3008668
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
Schlüssel Gefunden : HKLM\Software\Conduit
Schlüssel Gefunden : HKLM\Software\Default Tab
Schlüssel Gefunden : HKLM\Software\Driver-Soft
Schlüssel Gefunden : HKLM\Software\Freeze.com
Schlüssel Gefunden : HKLM\SOFTWARE\Google\Chrome\Extensions\bcjagnifjocnddgeknajocbkkhlgibem
Schlüssel Gefunden : HKLM\SOFTWARE\Google\Chrome\Extensions\bfcpnihmbfoaeoakalclfalkdepgiaje
Schlüssel Gefunden : HKLM\SOFTWARE\Google\Chrome\Extensions\pgafcinpmmpklohkojmllohdhomoefph
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{34974BAB-95D6-4E7C-AF8F-787E06964261}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{82DA8AD0-F360-4F17-B6A1-5E390915FB2E}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EEE6C367-6118-11DC-9C72-001320C79847}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD21}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\AskInstallChecker-1_RASAPI32
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\AskInstallChecker-1_RASMANCS
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasapi32
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasmancs
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\datamngrUI_RASAPI32
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\datamngrUI_RASMANCS
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\facemoodssrv_RASAPI32
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\facemoodssrv_RASMANCS
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetupV1_RASAPI32
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetupV1_RASMANCS
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\iMesh_RASAPI32
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\iMesh_RASMANCS
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\iMesh_V11_en_Setup_RASAPI32
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\iMesh_V11_en_Setup_RASMANCS
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASAPI32
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASMANCS
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASAPI32
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASMANCS
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\softonic_ggl_1_RASAPI32
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\softonic_ggl_1_RASMANCS
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_pdf-redirect_RASAPI32
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_pdf-redirect_RASMANCS
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\sweetim_rasapi32
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\sweetim_rasmancs
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\sweetimsetup_rasapi32
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\sweetimsetup_rasmancs
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASAPI32
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASMANCS
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\VideoPerformerSetup_RASAPI32
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\VideoPerformerSetup_RASMANCS
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2EECD738-5844-4A99-B4B6-146BF802613B}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9427041A-A8DC-4D06-9A68-93873486E957}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B922D405-6D13-4A2B-AE89-08A030DA4402}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BE7A24F5-69CB-4708-B77B-B1EDA6043B95}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{2273BD45-9747-41D0-B552-6CE3A3ED94DA}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8F97BFF8-488B-4107-BCEE-B161AB4E4183}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{A1B48071-416D-474E-A13B-BE5456E7FC31}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Productivity_3.1 Toolbar
Schlüssel Gefunden : HKLM\Software\pdfforge
Schlüssel Gefunden : HKLM\Software\Productivity_3.1
Schlüssel Gefunden : HKLM\Software\Search Settings
Schlüssel Gefunden : HKLM64\SOFTWARE\Classes\CLSID\{B922D405-6D13-4A2B-AE89-08A030DA4402}
Schlüssel Gefunden : HKLM64\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}
Schlüssel Gefunden : HKLM64\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gefunden : HKLM64\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Schlüssel Gefunden : HKLM64\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Schlüssel Gefunden : HKLM64\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Schlüssel Gefunden : HKLM64\SOFTWARE\Classes\Interface\{9E393F82-2644-4AB6-B994-1AD39D6C59EE}
Schlüssel Gefunden : HKLM64\SOFTWARE\Classes\Interface\{A9379648-F6EB-4F65-A624-1C10411A15D0}
Schlüssel Gefunden : HKLM64\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Schlüssel Gefunden : HKLM64\SOFTWARE\Classes\Interface\{EEE6C358-6118-11DC-9C72-001320C79847}
Schlüssel Gefunden : HKLM64\SOFTWARE\Classes\Interface\{EEE6C359-6118-11DC-9C72-001320C79847}
Schlüssel Gefunden : HKLM64\SOFTWARE\Classes\Interface\{EEE6C35A-6118-11DC-9C72-001320C79847}
Schlüssel Gefunden : HKLM64\SOFTWARE\Classes\Interface\{F16AB1DB-15C0-4456-A29E-4DF24FB9E3D2}
Schlüssel Gefunden : HKLM64\SOFTWARE\DataMngr
Schlüssel Gefunden : HKLM64\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD21}
Schlüssel Gefunden : HKLM64\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Schlüssel Gefunden : HKLM64\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}
Schlüssel Gefunden : HKLM64\SOFTWARE\Tarma Installer
Wert Gefunden : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{9427041A-A8DC-4D06-9A68-93873486E957}]
Wert Gefunden : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Wert Gefunden : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{EEE6C35B-6118-11DC-9C72-001320C79847}]
Wert Gefunden : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{9427041A-A8DC-4D06-9A68-93873486E957}]
Wert Gefunden : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{B922D405-6D13-4A2B-AE89-08A030DA4402}]
Wert Gefunden : HKCU\Software\Mozilla\Firefox\Extensions [{58BD07EB-0EE0-4DF0-8121-DC9B693373DF}]
Wert Gefunden : HKCU\Software\Mozilla\Firefox\Extensions [SpecialSavings@SpecialSavings.com]
Wert Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{9427041A-A8DC-4D06-9A68-93873486E957}]
Wert Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{98889811-442D-49DD-99D7-DC866BE87DBC}]
Wert Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EEE6C35B-6118-11DC-9C72-001320C79847}]
Wert Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{9427041A-A8DC-4D06-9A68-93873486E957}]
Wert Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs [C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgHelperApp.exe]
Wert Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs [C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarProxy.dll]

***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.17041

-\\ Google Chrome v34.0.1847.116

[ Datei : C:\Users\Natasa und Armin\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Gefunden [Search Provider] : hxxp://dts.search-results.com/sr?src=crb&appid=1083&systemid=1&sr=0&q={searchTerms}
Gefunden [Search Provider] : hxxp://search.softonic.com/MON00016/tb_v1?q={searchTerms}&SearchSource=49&cc=
Gefunden [Search Provider] : hxxp://sportbild.bild.de/kddb/cms/websearchsport.do?query={searchTerms}
Gefunden [Search Provider] : hxxp://websearch.ask.com/redirect?client=cr&src=kw&tb=ORJ&o=&locale=&apn_uid=96F3442D-8BCD-4044-BF3B-B093EFA6DA7C&apn_ptnrs=&apn_sauid=FFA744A3-EDB8-4FC4-AECC-50A1C3F729D7&apn_dtid=OSJ000&q={searchTerms}
Gefunden [Search Provider] : hxxp://www.delta-search.com/?q={searchTerms}&affID=119656&babsrc=SP_ss&mntrId=12a577f50000000000001ef46a9cc692
FRST Logfile:

Code:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 10-05-2014

Ran by Natasa und Armin (administrator) on SCHROEDER on 10-05-2014 22:05:08

Running from C:\Users\Natasa und Armin\Desktop

Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard

Internet Explorer Version 11

Boot Mode: Normal
 

The only official download link for FRST:

Download link for 32-Bit version: Downloading Farbar Recovery Scan Tool 

Download link for 64-Bit Version: Downloading Farbar Recovery Scan Tool 

Download link from any site other than Bleeping Computer is unpermitted or outdated.

See tutorial for FRST: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials
 

==================== Processes (Whitelisted) =================
 

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe

(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Easy Display Manager\dmhkcore.exe

(SEC) C:\Program Files (x86)\Samsung\Samsung Recovery Solution 4\WCScheduler.exe

(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\EasySpeedUpManager\EasySpeedUpManager.exe

(SAMSUNG Electronics) C:\Program Files (x86)\Samsung\Samsung Support Center\SSCKbdHk.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

(APN LLC.) C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe

(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

(Intel Corporation) C:\Windows\System32\igfxtray.exe

(Intel Corporation) C:\Windows\System32\hkcmd.exe

(Intel Corporation) C:\Windows\System32\igfxpers.exe

(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

(Samsung) C:\Program Files (x86)\Samsung\Kies\Kies.exe

(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe

(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe

(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe

(FileOpen Systems Inc.) C:\ProgramData\FileOpen\Services\FileOpenManagerSvc64.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe

(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

(APN) C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe

(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe

() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe

(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe

(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe

(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe

(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe

(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe

(Microsoft Corporation) C:\Windows\System32\prevhost.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 

==================== Registry (Whitelisted) ==================
 

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [9644576 2009-12-15] (Realtek Semiconductor)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2074408 2010-02-26] (Synaptics Incorporated)

HKLM-x32\...\Run: [UpdateLBPShortCut] => C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.)

HKLM-x32\...\Run: [CLMLServer] => C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe [103720 2009-06-03] (CyberLink)

HKLM-x32\...\Run: [UpdateP2GoShortCut] => C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.)

HKLM-x32\...\Run: [UpdatePDRShortCut] => C:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe [222504 2008-01-04] (CyberLink Corp.)

HKLM-x32\...\Run: [RemoteControl8] => C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe [91432 2009-04-15] (CyberLink Corp.)

HKLM-x32\...\Run: [PDVD8LanguageShortcut] => C:\Program Files (x86)\CyberLink\PowerDVD8\Language\Language.exe [50472 2009-04-15] (CyberLink Corp.)

HKLM-x32\...\Run: [UpdatePPShortCut] => C:\Program Files (x86)\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe [218408 2008-12-03] (CyberLink Corp.)

HKLM-x32\...\Run: [UpdatePSTShortCut] => C:\Program Files (x86)\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe [210216 2009-07-21] (CyberLink Corp.)

HKLM-x32\...\Run: [UCam_Menu] => C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.)

HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [35696 2009-10-03] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [935288 2009-09-04] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-12] (Apple Inc.)

HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [689744 2014-02-20] (Avira Operations GmbH & Co. KG)

HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)

HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-02-21] (Apple Inc.)

HKLM-x32\...\Run: [KiesTrayAgent] => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [311616 2014-02-14] (Samsung Electronics Co., Ltd.)

HKLM-x32\...\Run: [] => [X]

Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)

HKU\S-1-5-21-868785299-726797094-2297327714-1000\...\Run: [msnmsgr] => C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe [3883840 2009-07-26] (Microsoft Corporation)

HKU\S-1-5-21-868785299-726797094-2297327714-1000\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2010-06-14] (Google Inc.)

HKU\S-1-5-21-868785299-726797094-2297327714-1000\...\Run: [KiesPreload] => C:\Program Files (x86)\Samsung\Kies\Kies.exe [1564992 2014-02-14] (Samsung)

HKU\S-1-5-21-868785299-726797094-2297327714-1000\...\Run: [KiesAirMessage] => C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup

HKU\S-1-5-21-868785299-726797094-2297327714-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [msnmsgr] => C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe [3883840 2009-07-26] (Microsoft Corporation)

HKU\S-1-5-21-868785299-726797094-2297327714-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2010-06-14] (Google Inc.)

HKU\S-1-5-21-868785299-726797094-2297327714-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [KiesPreload] => C:\Program Files (x86)\Samsung\Kies\Kies.exe [1564992 2014-02-14] (Samsung)

HKU\S-1-5-21-868785299-726797094-2297327714-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [KiesAirMessage] => C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup
 

==================== Internet (Whitelisted) ====================
 

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Google

URLSearchHook: HKLM-x32 - (No Name) - {9427041a-a8dc-4d06-9a68-93873486e957} - No File

URLSearchHook: HKCU - pdfforge Toolbar - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files (x86)\pdfforge Toolbar\IE\9.1\pdfforgeToolbarIE64.dll No File

URLSearchHook: HKCU - (No Name) - {00000000-6E41-4FD3-8538-502F5495E5FC} - No File

URLSearchHook: HKCU - (No Name) - {9427041a-a8dc-4d06-9a68-93873486e957} - No File

SearchScopes: HKLM - DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = hxxp://dts.search-results.com/sr?src=ieb&appid=101&systemid=406&sr=0&q={searchTerms}

SearchScopes: HKLM - {9BB47C17-9C68-4BB3-B188-DD9AF0FD21} URL = hxxp://dts.search-results.com/sr?src=ieb&appid=1083&systemid=1&sr=0&q={searchTerms}

SearchScopes: HKLM - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = hxxp://dts.search-results.com/sr?src=ieb&appid=101&systemid=406&sr=0&q={searchTerms}

SearchScopes: HKLM-x32 - DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = 

SearchScopes: HKLM-x32 - {777A245C-D638-4D06-98C2-D124300EBEFC} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SMSN

SearchScopes: HKLM-x32 - {9BB47C17-9C68-4BB3-B188-DD9AF0FD21} URL = hxxp://dts.search-results.com/sr?src=ieb&appid=1083&systemid=1&sr=0&q={searchTerms}

SearchScopes: HKCU - DefaultScope {0EF84A43-2013-493D-BBBF-9276B06E1C8C} URL = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=827316&p={searchTerms}

SearchScopes: HKCU - {0EF84A43-2013-493D-BBBF-9276B06E1C8C} URL = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=827316&p={searchTerms}

SearchScopes: HKCU - {777A245C-D638-4D06-98C2-D124300EBEFC} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SMSN_de___DE425

SearchScopes: HKCU - {9BB47C17-9C68-4BB3-B188-DD9AF0FD21} URL = hxxp://dts.search-results.com/sr?src=ieb&appid=1083&systemid=1&sr=0&q={searchTerms}

SearchScopes: HKCU - {BFE4BC16-D4E3-4556-890A-E03DD7EB0E7C} URL = hxxp://de.search.yahoo.com/search?fr=mcafee&p={SearchTerms}

SearchScopes: HKCU - {C3777C87-018C-470A-BAA4-84AD3FCAA7E7} URL = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=827316&p={searchTerms}

BHO: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll No File

BHO: Windows Live Family Safety Browser Helper Class - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll (Microsoft Corporation)

BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL No File

BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL No File

BHO: Ask Shopping Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\ORJ\Passport_x64.dll (APN LLC.)

BHO-x32: No Name - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -  No File

BHO-x32: No Name - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -  No File

BHO-x32: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} -  No File

BHO-x32: No Name - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -  No File

BHO-x32: No Name - {9030D464-4C02-4ABF-8ECC-5164760863C6} -  No File

BHO-x32: No Name - {AA58ED58-01DD-4d91-8333-CF10577473F7} -  No File

BHO-x32: No Name - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -  No File

BHO-x32: No Name - {B4F3A835-0E21-4959-BA22-42B3008E02FF} -  No File

BHO-x32: No Name - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -  No File

BHO-x32: No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} -  No File

BHO-x32: No Name - {DBC80044-A445-435b-BC74-9C25C1C588A9} -  No File

Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

Toolbar: HKLM - No Name - !{5018CFD2-804D-4C99-9F81-25EAEA2769DE} -  No File

Toolbar: HKLM - No Name - !{B922D405-6D13-4A2B-AE89-08A030DA4402} -  No File

Toolbar: HKLM - No Name - !{D4027C7F-154A-4066-A1AD-4243D8127440} -  No File

Toolbar: HKLM-x32 - No Name - {9427041a-a8dc-4d06-9a68-93873486e957} -  No File

Toolbar: HKLM-x32 - No Name - {EEE6C35B-6118-11DC-9C72-001320C79847} -  No File

Toolbar: HKLM-x32 - No Name - {2318C2B1-4965-11d4-9B18-009027A5CD4F} -  No File

Toolbar: HKLM-x32 - No Name - !{5018CFD2-804D-4C99-9F81-25EAEA2769DE} -  No File

Toolbar: HKLM-x32 - No Name - !{B922D405-6D13-4A2B-AE89-08A030DA4402} -  No File

Toolbar: HKLM-x32 - No Name - !{D4027C7F-154A-4066-A1AD-4243D8127440} -  No File

Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

Toolbar: HKCU - Ask Shopping Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\ORJ\Passport_x64.dll (APN LLC.)

Toolbar: HKCU - No Name - {9427041A-A8DC-4D06-9A68-93873486E957} -  No File

Toolbar: HKCU - No Name - {EEE6C35B-6118-11DC-9C72-001320C79847} -  No File

DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} -  No File

Handler-x32: about - {3050F406-98B5-11CF-BB82-00AA00BDCE0B} -  No File

Handler-x32: cdl - {3dd53d40-7b8b-11D0-b013-00aa0059ce02} -  No File

Handler-x32: dvd - {12D51199-0DB5-46FE-A120-47A3D7D937CC} -  No File

Handler-x32: file - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} -  No File

Handler-x32: ftp - {79eac9e3-baf9-11ce-8c82-00aa004ba90b} -  No File

Handler-x32: http - {79eac9e2-baf9-11ce-8c82-00aa004ba90b} -  No File

Handler-x32: https - {79eac9e5-baf9-11ce-8c82-00aa004ba90b} -  No File

Handler-x32: its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} -  No File

Handler-x32: javascript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} -  No File

Handler-x32: local - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} -  No File

Handler-x32: mailto - {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} -  No File

Handler-x32: mhtml - {05300401-BCBC-11d0-85E3-00C04FD85AB4} -  No File

Handler-x32: mk - {79eac9e6-baf9-11ce-8c82-00aa004ba90b} -  No File

Handler-x32: ms-its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} -  No File

Handler-x32: res - {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} -  No File

Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} -  No File

Handler-x32: tv - {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} -  No File

Handler-x32: vbscript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} -  No File

Filter-x32: application/octet-stream - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} -  No File

Filter-x32: application/x-complus - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} -  No File

Filter-x32: application/x-msdownload - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} -  No File

Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
 

FireFox:

========

FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)

FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()

FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)

FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF Plugin-x32: @microsoft.com/Lync,version=15.0 - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll No File

FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)

FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL No File

FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8081.0709 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)

FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)

FF HKCU\...\Firefox\Extensions: [{58bd07eb-0ee0-4df0-8121-dc9b693373df}] - C:\ProgramData\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\FirefoxExtension

FF HKCU\...\Firefox\Extensions: [SpecialSavings@SpecialSavings.com] - C:\Users\Natasa und Armin\AppData\Roaming\Mozilla\Extensions\SpecialSavings@SpecialSavings.com

FF Extension: SpecialSavings - C:\Users\Natasa und Armin\AppData\Roaming\Mozilla\Extensions\SpecialSavings@SpecialSavings.com [2013-03-05]
 

Chrome: 

=======

CHR Plugin: (Remoting Viewer) - internal-remoting-viewer

CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\ppGoogleNaClPluginChrome.dll ()

CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\pdf.dll ()

CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\gcswf32.dll No File

CHR Plugin: (vShare.tv plug-in) - C:\Users\Natasa und Armin\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpionmjnkbpcdpcflammlgllecmejgjj\1.3_0\chvsharetvplg.dll (vShare.tv )

CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)

CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)

CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File

CHR Plugin: (Java(TM) Platform SE 6 U31) - C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll No File

CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File

CHR Plugin: (Windows Live® Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()

CHR Extension: (Surf Canyon) - C:\Users\Natasa und Armin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bcjagnifjocnddgeknajocbkkhlgibem [2012-05-21]

CHR Extension: (SpecialSavings) - C:\Users\Natasa und Armin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfcpnihmbfoaeoakalclfalkdepgiaje [2013-03-06]

CHR Extension: (Allin1Convert) - C:\Users\Natasa und Armin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gcncagkkhfoombgbihckkccmkjemhohl [2014-04-23]

CHR Extension: (vshare plugin) - C:\Users\Natasa und Armin\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpionmjnkbpcdpcflammlgllecmejgjj [2012-02-11]

CHR Extension: (Google Wallet) - C:\Users\Natasa und Armin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-28]

CHR HKLM-x32\...\Chrome\Extension: [bcjagnifjocnddgeknajocbkkhlgibem] - C:\Program Files (x86)\Chrome\surfcanyon.crx [2012-03-30]

CHR HKLM-x32\...\Chrome\Extension: [bfcpnihmbfoaeoakalclfalkdepgiaje] - C:\Users\Natasa und Armin\AppData\Roaming\SpecialSavings\SpecialSavings.crx [2012-03-30]
 

==================== Services (Whitelisted) =================
 

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440400 2014-02-20] (Avira Operations GmbH & Co. KG)

R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440400 2014-02-20] (Avira Operations GmbH & Co. KG)

R2 APNMCP; C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe [166352 2014-04-11] (APN LLC.)

R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2211000 2014-03-30] (Microsoft Corporation)

R2 FileOpenManagerSvc; C:\ProgramData\FileOpen\Services\FileOpenManagerSvc64.exe [331648 2011-03-09] (FileOpen Systems Inc.)

R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-04-03] (Malwarebytes Corporation)

R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [857912 2014-04-03] (Malwarebytes Corporation)

R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [247152 2009-07-07] ()
 

==================== Drivers (Whitelisted) ====================
 

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2013-12-18] (Avira Operations GmbH & Co. KG)

R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131576 2013-12-18] (Avira Operations GmbH & Co. KG)

R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-11-29] (Avira Operations GmbH & Co. KG)

U5 GEARAspiWDM; C:\Windows\System32\Drivers\GEARAspiWDM.sys [33240 2012-08-21] (GEAR Software Inc.)

R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-04-03] (Malwarebytes Corporation)

R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [119512 2014-05-10] (Malwarebytes Corporation)

R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63192 2014-04-03] (Malwarebytes Corporation)

U0 rhkkmim; C:\Windows\System32\drivers\glthrdtm.sys [79064 2014-05-10] (Malwarebytes Corporation)

S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [27520 2007-05-14] (Research In Motion Limited)

S3 rtport; C:\Windows\SysWOW64\drivers\rtport.sys [15144 2010-11-03] (Windows (R) 2003 DDK 3790 provider)

R3 yukonw7; C:\Windows\System32\DRIVERS\yk62x64.sys [395264 2009-09-28] ()

S1 hfucpqnp; \??\C:\Windows\system32\drivers\hfucpqnp.sys [X]
 

==================== NetSvcs (Whitelisted) ===================
 
 

==================== One Month Created Files and Folders ========
 

2014-05-10 21:59 - 2014-05-10 21:59 - 00006844 _____ () C:\Users\Natasa und Armin\Desktop\JRT.txt

2014-05-10 21:46 - 2014-05-10 21:46 - 00000000 ____D () C:\Windows\ERUNT

2014-05-10 21:40 - 2014-05-10 21:41 - 00000000 ____D () C:\AdwCleaner

2014-05-10 21:40 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll

2014-05-10 21:38 - 2014-05-10 21:38 - 00079064 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\glthrdtm.sys

2014-05-10 20:26 - 2014-05-10 21:26 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys

2014-05-10 20:26 - 2014-05-10 21:25 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware

2014-05-10 20:26 - 2014-05-10 20:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware

2014-05-10 20:26 - 2014-05-10 20:26 - 00000000 ____D () C:\ProgramData\Malwarebytes

2014-05-10 20:26 - 2014-04-03 09:51 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys

2014-05-10 20:26 - 2014-04-03 09:51 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys

2014-05-10 20:26 - 2014-04-03 09:50 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys

2014-05-10 10:28 - 2014-05-10 10:28 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\Natasa und Armin\Desktop\mbam-setup-2.0.1.1004.exe

2014-05-10 10:28 - 2014-05-10 10:28 - 01316991 _____ () C:\Users\Natasa und Armin\Desktop\adwcleaner.exe

2014-05-09 21:53 - 2014-05-10 22:05 - 00000000 ____D () C:\Users\Natasa und Armin\Desktop\FRST-OlderVersion

2014-05-09 20:41 - 2014-05-09 21:48 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group

2014-05-09 20:36 - 2014-05-08 17:51 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Natasa und Armin\Desktop\revosetup95.exe

2014-05-07 19:46 - 2014-05-07 19:47 - 00027748 _____ () C:\Users\Natasa und Armin\Desktop\Addition.txt

2014-05-07 19:44 - 2014-05-10 22:05 - 00022321 _____ () C:\Users\Natasa und Armin\Desktop\FRST.txt

2014-05-07 19:44 - 2014-05-10 22:05 - 00000000 ____D () C:\FRST

2014-05-07 19:42 - 2014-05-10 22:05 - 02065408 _____ (Farbar) C:\Users\Natasa und Armin\Desktop\FRST64.exe

2014-05-07 19:42 - 2014-05-07 19:42 - 00000645 _____ () C:\Users\Natasa und Armin\Desktop\FRST64 - Verknüpfung.lnk

2014-05-04 09:25 - 2014-04-29 16:01 - 23547904 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll

2014-05-04 09:24 - 2014-04-29 15:40 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb

2014-05-04 09:24 - 2014-04-29 14:48 - 17384448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

2014-05-04 09:24 - 2014-04-29 14:34 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

2014-05-01 16:50 - 2014-05-01 16:50 - 00000000 ___SD () C:\Windows\system32\CompatTel

2014-04-30 22:14 - 2014-04-14 04:24 - 00465408 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll

2014-04-30 22:14 - 2014-04-14 04:19 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll

2014-04-23 20:18 - 2014-04-25 06:08 - 00003662 _____ () C:\Windows\System32\Tasks\DTChk

2014-04-23 20:18 - 2014-04-23 20:18 - 00000000 ____D () C:\Users\Public\Util

2014-04-23 14:11 - 2014-04-23 14:11 - 00000000 ____D () C:\Users\Natasa und Armin\AppData\Roaming\Media Player Classic

2014-04-23 13:59 - 2014-04-23 13:59 - 00000000 ____D () C:\Users\Natasa und Armin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Jet

2014-04-23 13:57 - 2014-04-23 14:00 - 00000000 ____D () C:\Users\Natasa und Armin\AppData\Local\Performersoft

2014-04-23 12:43 - 2014-04-23 12:43 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_WinUsb_01007.Wdf

2014-04-23 11:51 - 2014-04-23 11:51 - 00000000 ____D () C:\Users\Public\Documents\NativeFus_Log

2014-04-23 11:50 - 2014-04-23 13:51 - 00000000 ____D () C:\Users\Natasa und Armin\Documents\samsung

2014-04-23 11:50 - 2014-04-23 11:50 - 00000000 ____D () C:\Users\Natasa und Armin\AppData\Roaming\Samsung

2014-04-23 11:50 - 2014-04-23 11:50 - 00000000 ____D () C:\Users\Natasa und Armin\AppData\Local\Samsung

2014-04-23 11:49 - 2014-04-23 11:49 - 00002002 _____ () C:\Users\Public\Desktop\Samsung Kies (Lite).lnk

2014-04-23 11:49 - 2014-04-23 11:49 - 00001992 _____ () C:\Users\Public\Desktop\Samsung Kies.lnk

2014-04-23 11:48 - 2014-04-23 11:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MyFree Codec

2014-04-23 11:47 - 2014-01-23 18:23 - 04659712 _____ (Dmitry Streblechenko) C:\Windows\SysWOW64\Redemption.dll

2014-04-23 11:47 - 2014-01-23 18:23 - 00144664 _____ (MAPILab Ltd. & Add-in Express Ltd.) C:\Windows\SysWOW64\secman.dll

2014-04-23 11:44 - 2014-04-23 11:44 - 75397136 _____ (Samsung Electronics Co., Ltd.) C:\Users\Natasa und Armin\Desktop\KiesSetup.exe

2014-04-23 11:44 - 2014-04-23 11:44 - 00000000 ____D () C:\Users\Natasa und Armin\AppData\Local\Downloaded Installations

2014-04-23 09:44 - 2014-04-23 09:44 - 00000000 __SHD () C:\Users\Natasa und Armin\AppData\Local\EmieUserList

2014-04-23 09:44 - 2014-04-23 09:44 - 00000000 __SHD () C:\Users\Natasa und Armin\AppData\Local\EmieSiteList

2014-04-23 09:08 - 2014-03-06 10:57 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll

2014-04-23 09:08 - 2014-03-06 10:32 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll

2014-04-23 09:08 - 2014-03-06 10:02 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll

2014-04-23 09:08 - 2014-03-06 09:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll

2014-04-23 09:07 - 2014-03-06 11:31 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll

2014-04-23 09:07 - 2014-03-06 10:59 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll

2014-04-23 09:07 - 2014-03-06 10:57 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll

2014-04-23 09:07 - 2014-03-06 10:53 - 02767360 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll

2014-04-23 09:07 - 2014-03-06 10:40 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll

2014-04-23 09:07 - 2014-03-06 10:39 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll

2014-04-23 09:07 - 2014-03-06 10:29 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe

2014-04-23 09:07 - 2014-03-06 10:29 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe

2014-04-23 09:07 - 2014-03-06 10:28 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll

2014-04-23 09:07 - 2014-03-06 10:15 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe

2014-04-23 09:07 - 2014-03-06 10:11 - 05784064 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll

2014-04-23 09:07 - 2014-03-06 10:09 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll

2014-04-23 09:07 - 2014-03-06 10:03 - 00586240 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe

2014-04-23 09:07 - 2014-03-06 10:02 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll

2014-04-23 09:07 - 2014-03-06 10:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll

2014-04-23 09:07 - 2014-03-06 09:56 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll

2014-04-23 09:07 - 2014-03-06 09:48 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll

2014-04-23 09:07 - 2014-03-06 09:47 - 02178048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll

2014-04-23 09:07 - 2014-03-06 09:46 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll

2014-04-23 09:07 - 2014-03-06 09:46 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll

2014-04-23 09:07 - 2014-03-06 09:45 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll

2014-04-23 09:07 - 2014-03-06 09:42 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll

2014-04-23 09:07 - 2014-03-06 09:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe

2014-04-23 09:07 - 2014-03-06 09:36 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll

2014-04-23 09:07 - 2014-03-06 09:22 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll

2014-04-23 09:07 - 2014-03-06 09:21 - 00628736 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll

2014-04-23 09:07 - 2014-03-06 09:13 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll

2014-04-23 09:07 - 2014-03-06 09:11 - 02043904 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl

2014-04-23 09:07 - 2014-03-06 09:07 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll

2014-04-23 09:07 - 2014-03-06 09:01 - 00244224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll

2014-04-23 09:07 - 2014-03-06 08:53 - 13551104 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll

2014-04-23 09:07 - 2014-03-06 08:46 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll

2014-04-23 09:07 - 2014-03-06 08:40 - 01967104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl

2014-04-23 09:07 - 2014-03-06 08:36 - 11745792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll

2014-04-23 09:07 - 2014-03-06 08:22 - 02260480 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll

2014-04-23 09:07 - 2014-03-06 07:58 - 01400832 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll

2014-04-23 09:07 - 2014-03-06 07:50 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll

2014-04-23 09:07 - 2014-03-06 07:43 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll

2014-04-23 09:07 - 2014-03-06 07:41 - 01789440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll

2014-04-23 09:07 - 2014-03-06 07:36 - 01143808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

2014-04-19 21:33 - 2014-05-09 21:27 - 00000000 ____D () C:\Users\Natasa und Armin\AppData\Local\iLivid

2014-04-14 22:59 - 2014-04-14 22:59 - 00000000 ____D () C:\Users\Natasa und Armin\Documents\Hautkrebs
 

==================== One Month Modified Files and Folders =======
 

2014-05-10 22:05 - 2014-05-09 21:53 - 00000000 ____D () C:\Users\Natasa und Armin\Desktop\FRST-OlderVersion

2014-05-10 22:05 - 2014-05-07 19:44 - 00022321 _____ () C:\Users\Natasa und Armin\Desktop\FRST.txt

2014-05-10 22:05 - 2014-05-07 19:44 - 00000000 ____D () C:\FRST

2014-05-10 22:05 - 2014-05-07 19:42 - 02065408 _____ (Farbar) C:\Users\Natasa und Armin\Desktop\FRST64.exe

2014-05-10 22:04 - 2012-04-08 11:16 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job

2014-05-10 21:59 - 2014-05-10 21:59 - 00006844 _____ () C:\Users\Natasa und Armin\Desktop\JRT.txt

2014-05-10 21:46 - 2014-05-10 21:46 - 00000000 ____D () C:\Windows\ERUNT

2014-05-10 21:43 - 2011-04-01 21:53 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2014-05-10 21:41 - 2014-05-10 21:40 - 00000000 ____D () C:\AdwCleaner

2014-05-10 21:38 - 2014-05-10 21:38 - 00079064 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\glthrdtm.sys

2014-05-10 21:26 - 2014-05-10 20:26 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys

2014-05-10 21:25 - 2014-05-10 20:26 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware

2014-05-10 21:16 - 2009-07-14 06:45 - 00013936 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2014-05-10 21:16 - 2009-07-14 06:45 - 00013936 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2014-05-10 21:13 - 2010-06-14 12:51 - 01854646 _____ () C:\Windows\WindowsUpdate.log

2014-05-10 21:07 - 2011-04-01 21:53 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2014-05-10 21:07 - 2011-04-01 18:26 - 00000000 ____D () C:\Users\Natasa und Armin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink DVD Suite

2014-05-10 21:07 - 2010-06-14 13:34 - 01144756 _____ () C:\Windows\PFRO.log

2014-05-10 21:07 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT

2014-05-10 21:07 - 2009-07-14 06:51 - 00093032 _____ () C:\Windows\setupact.log

2014-05-10 21:05 - 2009-07-14 07:32 - 00000000 ____D () C:\Windows\Performance

2014-05-10 20:26 - 2014-05-10 20:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware

2014-05-10 20:26 - 2014-05-10 20:26 - 00000000 ____D () C:\ProgramData\Malwarebytes

2014-05-10 20:23 - 2010-06-15 05:23 - 00700134 _____ () C:\Windows\system32\perfh007.dat

2014-05-10 20:23 - 2010-06-15 05:23 - 00149984 _____ () C:\Windows\system32\perfc007.dat

2014-05-10 20:23 - 2009-07-14 07:13 - 01622236 _____ () C:\Windows\system32\PerfStringBackup.INI

2014-05-10 10:28 - 2014-05-10 10:28 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\Natasa und Armin\Desktop\mbam-setup-2.0.1.1004.exe

2014-05-10 10:28 - 2014-05-10 10:28 - 01316991 _____ () C:\Users\Natasa und Armin\Desktop\adwcleaner.exe

2014-05-09 21:48 - 2014-05-09 20:41 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group

2014-05-09 21:46 - 2012-02-14 21:48 - 00000000 ____D () C:\Program Files (x86)\iMesh Applications

2014-05-09 21:27 - 2014-04-19 21:33 - 00000000 ____D () C:\Users\Natasa und Armin\AppData\Local\iLivid

2014-05-09 21:24 - 2011-09-27 20:23 - 00001692 _____ () C:\prefs.js

2014-05-08 17:51 - 2014-05-09 20:36 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Natasa und Armin\Desktop\revosetup95.exe

2014-05-07 19:47 - 2014-05-07 19:46 - 00027748 _____ () C:\Users\Natasa und Armin\Desktop\Addition.txt

2014-05-07 19:42 - 2014-05-07 19:42 - 00000645 _____ () C:\Users\Natasa und Armin\Desktop\FRST64 - Verknüpfung.lnk

2014-05-03 21:52 - 2011-12-14 22:05 - 00000000 ____D () C:\Users\Natasa und Armin\Tracing

2014-05-03 08:18 - 2009-07-14 06:45 - 00445752 _____ () C:\Windows\system32\FNTCACHE.DAT

2014-05-01 20:37 - 2011-04-01 18:38 - 00000000 ___RD () C:\Users\Natasa und Armin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup

2014-05-01 20:31 - 2011-04-01 18:26 - 00000000 ____D () C:\Users\Natasa und Armin

2014-05-01 20:30 - 2013-09-26 21:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013

2014-05-01 20:30 - 2010-06-14 13:03 - 00000000 ____D () C:\ProgramData\WinClon

2014-05-01 20:30 - 2010-06-14 12:47 - 00000000 ____D () C:\Windows\SysWOW64\x64

2014-05-01 20:30 - 2009-07-14 05:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories

2014-05-01 20:30 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\schemas

2014-05-01 20:29 - 2010-06-15 05:08 - 00000000 ___RD () C:\Users\Public\Recorded TV

2014-05-01 20:29 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\registration

2014-05-01 20:28 - 2011-04-01 22:26 - 00000000 ____D () C:\Users\Natasa und Armin\AppData\Roaming\SoftGrid Client

2014-05-01 20:28 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\PolicyDefinitions

2014-05-01 20:24 - 2013-09-26 21:32 - 00000000 ____D () C:\Program Files\Microsoft Office 15

2014-05-01 16:50 - 2014-05-01 16:50 - 00000000 ___SD () C:\Windows\system32\CompatTel

2014-04-29 20:59 - 2012-04-08 11:16 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe

2014-04-29 20:59 - 2012-04-08 11:16 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater

2014-04-29 20:59 - 2012-02-22 21:40 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

2014-04-29 16:01 - 2014-05-04 09:25 - 23547904 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll

2014-04-29 15:40 - 2014-05-04 09:24 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb

2014-04-29 14:48 - 2014-05-04 09:24 - 17384448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

2014-04-29 14:34 - 2014-05-04 09:24 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

2014-04-26 23:20 - 2014-03-30 20:32 - 00000000 ____D () C:\Users\Natasa und Armin\Documents\Kabel Deutschland

2014-04-25 06:08 - 2014-04-23 20:18 - 00003662 _____ () C:\Windows\System32\Tasks\DTChk

2014-04-25 06:08 - 2014-01-12 20:39 - 00003894 _____ () C:\Windows\System32\Tasks\DTReg

2014-04-25 06:08 - 2013-08-14 20:43 - 00000306 __RSH () C:\Users\Natasa und Armin\ntuser.pol

2014-04-24 19:08 - 2009-07-14 05:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared

2014-04-23 20:18 - 2014-04-23 20:18 - 00000000 ____D () C:\Users\Public\Util

2014-04-23 14:11 - 2014-04-23 14:11 - 00000000 ____D () C:\Users\Natasa und Armin\AppData\Roaming\Media Player Classic

2014-04-23 14:00 - 2014-04-23 13:57 - 00000000 ____D () C:\Users\Natasa und Armin\AppData\Local\Performersoft

2014-04-23 13:59 - 2014-04-23 13:59 - 00000000 ____D () C:\Users\Natasa und Armin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Jet

2014-04-23 13:51 - 2014-04-23 11:50 - 00000000 ____D () C:\Users\Natasa und Armin\Documents\samsung

2014-04-23 12:43 - 2014-04-23 12:43 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_WinUsb_01007.Wdf

2014-04-23 11:51 - 2014-04-23 11:51 - 00000000 ____D () C:\Users\Public\Documents\NativeFus_Log

2014-04-23 11:50 - 2014-04-23 11:50 - 00000000 ____D () C:\Users\Natasa und Armin\AppData\Roaming\Samsung

2014-04-23 11:50 - 2014-04-23 11:50 - 00000000 ____D () C:\Users\Natasa und Armin\AppData\Local\Samsung

2014-04-23 11:49 - 2014-04-23 11:49 - 00002002 _____ () C:\Users\Public\Desktop\Samsung Kies (Lite).lnk

2014-04-23 11:49 - 2014-04-23 11:49 - 00001992 _____ () C:\Users\Public\Desktop\Samsung Kies.lnk

2014-04-23 11:49 - 2010-06-14 12:52 - 00000000 ____D () C:\Program Files (x86)\Samsung

2014-04-23 11:48 - 2014-04-23 11:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MyFree Codec

2014-04-23 11:48 - 2010-06-14 13:02 - 00000000 ____D () C:\ProgramData\SAMSUNG

2014-04-23 11:48 - 2010-06-14 12:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung

2014-04-23 11:47 - 2010-06-14 12:47 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information

2014-04-23 11:44 - 2014-04-23 11:44 - 75397136 _____ (Samsung Electronics Co., Ltd.) C:\Users\Natasa und Armin\Desktop\KiesSetup.exe

2014-04-23 11:44 - 2014-04-23 11:44 - 00000000 ____D () C:\Users\Natasa und Armin\AppData\Local\Downloaded Installations

2014-04-23 09:44 - 2014-04-23 09:44 - 00000000 __SHD () C:\Users\Natasa und Armin\AppData\Local\EmieUserList

2014-04-23 09:44 - 2014-04-23 09:44 - 00000000 __SHD () C:\Users\Natasa und Armin\AppData\Local\EmieSiteList

2014-04-14 22:59 - 2014-04-14 22:59 - 00000000 ____D () C:\Users\Natasa und Armin\Documents\Hautkrebs

2014-04-14 04:24 - 2014-04-30 22:14 - 00465408 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll

2014-04-14 04:19 - 2014-04-30 22:14 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll

2014-04-10 07:42 - 2013-08-19 08:02 - 00000000 ____D () C:\Windows\system32\MRT

2014-04-10 07:28 - 2011-04-06 21:40 - 90655440 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
 

Files to move or delete:

====================

C:\Users\Natasa und Armin\chromeinstall-7u5.exe
 
 

Some content of TEMP:

====================

C:\Users\Natasa und Armin\AppData\Local\Temp\6_Offer_14.exe

C:\Users\Natasa und Armin\AppData\Local\Temp\ApnStub.exe

C:\Users\Natasa und Armin\AppData\Local\Temp\AskSLib.dll

C:\Users\Natasa und Armin\AppData\Local\Temp\avgnt.exe

C:\Users\Natasa und Armin\AppData\Local\Temp\BackupSetup.exe

C:\Users\Natasa und Armin\AppData\Local\Temp\chutil.dll

C:\Users\Natasa und Armin\AppData\Local\Temp\contentDATs.exe

C:\Users\Natasa und Armin\AppData\Local\Temp\FileSystemView.dll

C:\Users\Natasa und Armin\AppData\Local\Temp\iMesh_setup.exe

C:\Users\Natasa und Armin\AppData\Local\Temp\Installhelper.dll

C:\Users\Natasa und Armin\AppData\Local\Temp\install_flashplayer11x64ax_gtbp_chra_aih.exe

C:\Users\Natasa und Armin\AppData\Local\Temp\install_flashplayer11x64ax_gtbp_chra_aih_1.exe

C:\Users\Natasa und Armin\AppData\Local\Temp\jre-6u31-windows-i586-iftw-rv.exe

C:\Users\Natasa und Armin\AppData\Local\Temp\jre-7u11-windows-i586-iftw.exe

C:\Users\Natasa und Armin\AppData\Local\Temp\jre-7u17-windows-i586-iftw.exe

C:\Users\Natasa und Armin\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe

C:\Users\Natasa und Armin\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe

C:\Users\Natasa und Armin\AppData\Local\Temp\jre-7u6-windows-i586-iftw.exe

C:\Users\Natasa und Armin\AppData\Local\Temp\NEWE062.tmp.exe

C:\Users\Natasa und Armin\AppData\Local\Temp\OfficeSetup.exe

C:\Users\Natasa und Armin\AppData\Local\Temp\Quarantine.exe

C:\Users\Natasa und Armin\AppData\Local\Temp\SecurityScan_Release.exe

C:\Users\Natasa und Armin\AppData\Local\Temp\setup.exe

C:\Users\Natasa und Armin\AppData\Local\Temp\sqlite3.dll

C:\Users\Natasa und Armin\AppData\Local\Temp\SRAssetsHelper.dll

C:\Users\Natasa und Armin\AppData\Local\Temp\uninst1.exe

C:\Users\Natasa und Armin\AppData\Local\Temp\vcredist_x64.exe

C:\Users\Natasa und Armin\AppData\Local\Temp\vcredist_x86.exe
 
 

==================== Bamital & volsnap Check =================
 

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\SysWOW64\wininit.exe => MD5 is legit

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\SysWOW64\explorer.exe => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\SysWOW64\svchost.exe => MD5 is legit

C:\Windows\System32\services.exe => MD5 is legit

C:\Windows\System32\User32.dll => MD5 is legit

C:\Windows\SysWOW64\User32.dll => MD5 is legit

C:\Windows\System32\userinit.exe => MD5 is legit

C:\Windows\SysWOW64\userinit.exe => MD5 is legit

C:\Windows\System32\rpcss.dll => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
 

LastRegBack: 2014-04-29 22:07
 

==================== End Of Log ============================

--- --- ---