Avira finds Trojan horse TR/Kazy.169263.1 (Windows 7)
04.07.2013, 13:42 | #1 |
| Avira finds Trojan horse TR/Kazy.169263.1 Hello everyone, it looks like I've caught something. It started this morning, when Windows would no longer start. After the automatic Recovery/Repair program got no further, I was able to use the F5 option to start the system from the last working restore point. I then ran Avira right away. Here is the log: Code:
ATTFilter Avira Professional Security Erstellungsdatum der Reportdatei: Donnerstag, 4. Juli 2013 10:59 Es wird nach 5012869 Virenstämmen gesucht. Das Programm läuft als uneingeschränkte Vollversion. Online-Dienste stehen zur Verfügung. Lizenznehmer : xxx Seriennummer : xxx Plattform : Windows 7 Professional Windowsversion : (Service Pack 1) [6.1.7601] Boot Modus : Normal gebootet Benutzername : xxx Computername : R187129 Versionsinformationen: BUILD.DAT : 12.1.9.1580 46763 Bytes 22.11.2012 08:52:00 AVSCAN.EXE : 12.3.0.48 468256 Bytes 05.11.2012 09:13:07 AVSCAN.DLL : 12.3.0.15 66256 Bytes 14.05.2012 12:34:37 LUKE.DLL : 12.3.0.15 68304 Bytes 14.05.2012 12:34:39 AVSCPLR.DLL : 12.3.0.14 97032 Bytes 08.05.2012 07:30:18 AVREG.DLL : 12.3.0.17 232200 Bytes 10.05.2012 14:19:40 VBASE000.VDF : 7.11.70.0 66736640 Bytes 04.04.2013 10:49:47 VBASE001.VDF : 7.11.74.226 2201600 Bytes 30.04.2013 10:36:43 VBASE002.VDF : 7.11.80.60 2751488 Bytes 28.05.2013 18:59:18 VBASE003.VDF : 7.11.85.214 2162688 Bytes 21.06.2013 11:36:12 VBASE004.VDF : 7.11.85.215 2048 Bytes 21.06.2013 11:36:12 VBASE005.VDF : 7.11.85.216 2048 Bytes 21.06.2013 11:36:12 VBASE006.VDF : 7.11.85.217 2048 Bytes 21.06.2013 11:36:12 VBASE007.VDF : 7.11.85.218 2048 Bytes 21.06.2013 11:36:12 VBASE008.VDF : 7.11.85.219 2048 Bytes 21.06.2013 11:36:12 VBASE009.VDF : 7.11.85.220 2048 Bytes 21.06.2013 11:36:12 VBASE010.VDF : 7.11.85.221 2048 Bytes 21.06.2013 11:36:12 VBASE011.VDF : 7.11.85.222 2048 Bytes 21.06.2013 11:36:12 VBASE012.VDF : 7.11.85.223 2048 Bytes 21.06.2013 11:36:12 VBASE013.VDF : 7.11.85.224 2048 Bytes 21.06.2013 11:36:12 VBASE014.VDF : 7.11.86.93 870400 Bytes 24.06.2013 09:14:19 VBASE015.VDF : 7.11.86.223 331776 Bytes 25.06.2013 07:40:15 VBASE016.VDF : 7.11.87.67 204800 Bytes 27.06.2013 08:51:54 VBASE017.VDF : 7.11.87.157 247296 Bytes 28.06.2013 06:41:54 VBASE018.VDF : 7.11.87.221 196608 Bytes 30.06.2013 06:41:54 VBASE019.VDF : 7.11.88.51 356352 Bytes 02.07.2013 09:41:27 VBASE020.VDF : 7.11.88.119 182272 Bytes 
03.07.2013 08:58:11 VBASE021.VDF : 7.11.88.120 2048 Bytes 03.07.2013 08:58:11 VBASE022.VDF : 7.11.88.121 2048 Bytes 03.07.2013 08:58:11 VBASE023.VDF : 7.11.88.122 2048 Bytes 03.07.2013 08:58:11 VBASE024.VDF : 7.11.88.123 2048 Bytes 03.07.2013 08:58:11 VBASE025.VDF : 7.11.88.124 2048 Bytes 03.07.2013 08:58:11 VBASE026.VDF : 7.11.88.125 2048 Bytes 03.07.2013 08:58:11 VBASE027.VDF : 7.11.88.126 2048 Bytes 03.07.2013 08:58:11 VBASE028.VDF : 7.11.88.127 2048 Bytes 03.07.2013 08:58:11 VBASE029.VDF : 7.11.88.128 2048 Bytes 03.07.2013 08:58:11 VBASE030.VDF : 7.11.88.129 2048 Bytes 03.07.2013 08:58:12 VBASE031.VDF : 7.11.88.178 116224 Bytes 04.07.2013 08:58:12 Engineversion : 8.2.12.68 AEVDF.DLL : 8.1.3.4 102774 Bytes 13.06.2013 13:30:14 AESCRIPT.DLL : 8.1.4.126 483710 Bytes 27.06.2013 13:52:08 AESCN.DLL : 8.1.10.4 131446 Bytes 26.03.2013 13:40:08 AESBX.DLL : 8.2.5.12 606578 Bytes 14.06.2012 12:26:10 AERDL.DLL : 8.2.0.128 688504 Bytes 13.06.2013 13:30:13 AEPACK.DLL : 8.3.2.24 749945 Bytes 20.06.2013 08:23:14 AEOFFICE.DLL : 8.1.2.60 205181 Bytes 18.06.2013 13:26:02 AEHEUR.DLL : 8.1.4.436 5964154 Bytes 27.06.2013 13:52:08 AEHELP.DLL : 8.1.27.4 266617 Bytes 27.06.2013 13:52:00 AEGEN.DLL : 8.1.7.6 442742 Bytes 27.06.2013 13:52:00 AEEXP.DLL : 8.4.0.34 201079 Bytes 05.06.2013 09:58:51 AEEMU.DLL : 8.1.3.2 393587 Bytes 10.07.2012 10:16:04 AECORE.DLL : 8.1.31.6 201081 Bytes 27.06.2013 13:51:59 AEBB.DLL : 8.1.1.4 53619 Bytes 05.11.2012 14:13:01 AVWINLL.DLL : 12.3.0.15 27344 Bytes 14.05.2012 12:34:37 AVPREF.DLL : 12.3.0.32 50720 Bytes 05.11.2012 09:13:06 AVREP.DLL : 12.3.0.15 179208 Bytes 08.05.2012 07:30:18 AVARKT.DLL : 12.3.0.33 209696 Bytes 05.11.2012 09:13:05 AVEVTLOG.DLL : 12.3.0.15 169168 Bytes 14.05.2012 12:34:37 SQLITE3.DLL : 3.7.0.1 398288 Bytes 14.05.2012 12:34:39 AVSMTP.DLL : 12.3.0.32 63992 Bytes 09.08.2012 10:13:05 NETNT.DLL : 12.3.0.15 17104 Bytes 14.05.2012 12:34:39 RCIMAGE.DLL : 12.3.0.31 4713720 Bytes 09.08.2012 10:13:03 RCTEXT.DLL : 12.3.0.32 98848 Bytes 05.11.2012 
09:13:01 Konfiguration für den aktuellen Suchlauf: Job Name..............................: Lokale Laufwerke Konfigurationsdatei...................: C:\program files (x86)\avira\antivir desktop\alldrives.avp Protokollierung.......................: standard Primäre Aktion........................: interaktiv Sekundäre Aktion......................: ignorieren Durchsuche Masterbootsektoren.........: ein Durchsuche Bootsektoren...............: ein Bootsektoren..........................: C:, D:, Durchsuche aktive Programme...........: ein Durchsuche Registrierung..............: ein Suche nach Rootkits...................: aus Integritätsprüfung von Systemdateien..: aus Datei Suchmodus.......................: Intelligente Dateiauswahl Durchsuche Archive....................: ein Rekursionstiefe einschränken..........: 20 Archiv Smart Extensions...............: ein Makrovirenheuristik...................: ein Dateiheuristik........................: erweitert Beginn des Suchlaufs: Donnerstag, 4. Juli 2013 10:59 Der Suchlauf über die Masterbootsektoren wird begonnen: Masterbootsektor HD0 [INFO] Es wurde kein Virus gefunden! Der Suchlauf über die Bootsektoren wird begonnen: Bootsektor 'C:\' [INFO] Es wurde kein Virus gefunden! 
Der Suchlauf über gestartete Prozesse wird begonnen: Durchsuche Prozess 'avscan.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'avcenter.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'STOFFICE.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'sua.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'chrome.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'chrome.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'chrome.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'chrome.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'chrome.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'chrome.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'hamachi-2-ui.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'iTunesHelper.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'TouchDR.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'avgnt.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'smax4pnp.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'Dropbox.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'psi_tray.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'ISUSPM.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'GoogleUpdate.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'AsGHost.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'NASvc.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'mbamservice.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'GoogleUpdate.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'hpqwmiex.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'AVWEBGRD.EXE' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'avmailc.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'WinVNC.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'WinVNC.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'TeamViewer_Service.exe' - '1' Modul(e) wurden durchsucht 
Durchsuche Prozess 'PSIA.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'IGDCTRL.EXE' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'eslcbcst.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'AppleMobileDeviceService.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'avguard.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'sched.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht Der Suchlauf auf Verweise zu ausführbaren Dateien (Registry) wird begonnen: C:\Windows\Sysnative\drivers\sptd.sys [WARNUNG] Die Datei konnte nicht geöffnet werden! Die Registry wurde durchsucht ( '3672' Dateien ). Der Suchlauf über die ausgewählten Dateien wird begonnen: Beginne mit der Suche in 'C:\' C:\Users\Christian\AppData\Roaming\Apple Computer\MobileSync\Backup\758a73a37f08b4c10ed2bac6820f7dfea5b2ae80\3e6cd19039a48e058b7f931a13571538d0a07097 [0] Archivtyp: ZIP --> Mahnung 30.04.2013 Kaufvertrag.zip [1] Archivtyp: ZIP --> Mahnung 30.04.2013 Kaufvertrag.com [FUND] Ist das Trojanische Pferd TR/Kazy.169263.1 C:\Users\Christian_2\AppData\Local\SlimWare Utilities Inc\SlimDrivers\Downloads\00DD22BA9AC244DCF422D97404067E266F00000000080052EE.exe [WARNUNG] Die Datei konnte nicht gelesen werden! Beginne mit der Suche in 'D:\' Der zu durchsuchende Pfad D:\ konnte nicht geöffnet werden! Systemfehler [21]: The device is not ready. Beginne mit der Desinfektion: C:\Users\Christian\AppData\Roaming\Apple Computer\MobileSync\Backup\758a73a37f08b4c10ed2bac6820f7dfea5b2ae80\3e6cd19039a48e058b7f931a13571538d0a07097 [FUND] Ist das Trojanische Pferd TR/Kazy.169263.1 [HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '56b8c956.qua' verschoben! Ende des Suchlaufs: Donnerstag, 4. Juli 2013 14:14 Benötigte Zeit: 3:14:52 Stunde(n) Der Suchlauf wurde vollständig durchgeführt. 
36352 Verzeichnisse wurden überprüft 915015 Dateien wurden geprüft 1 Viren bzw. unerwünschte Programme wurden gefunden 0 Dateien wurden als verdächtig eingestuft 0 Dateien wurden gelöscht 0 Viren bzw. unerwünschte Programme wurden repariert 1 Dateien wurden in die Quarantäne verschoben 0 Dateien wurden umbenannt 1 Dateien konnten nicht durchsucht werden 915013 Dateien ohne Befall 5729 Archive wurden durchsucht 2 Warnungen 1 Hinweise
Thanks in advance for your help! Chris |
04.07.2013, 13:43 | #2 |
/// the machine /// TB-Ausbilder | Avira finds Trojan horse TR/Kazy.169263.1 System scan with FRST
Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST 32-Bit | FRST 64-Bit (If you are not sure: Start > Computer (right-click) > Properties) |
04.07.2013, 13:51 | #3 |
| Avira finds Trojan horse TR/Kazy.169263.1 Hi markusg and schrauber,
I think you both replied at the same time. Which one should I follow now? |
04.07.2013, 14:16 | #4 |
/// the machine /// TB-Ausbilder | Avira finds Trojan horse TR/Kazy.169263.1 FRST please
Regards, schrauber Proud Member of UNITE and ASAP since 2009 No help via PM! |
04.07.2013, 14:27 | #5 |
| Avira finds Trojan horse TR/Kazy.169263.1 Here are the two reports from FRST: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 04-07-2013 Ran by Christian (ATTENTION: The logged in user is not administrator) on 04-07-2013 14:59:55 Running from C:\Users\Christian\Downloads Windows 7 Professional Service Pack 1 (X64) OS Language: English(US) Internet Explorer Version 10 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (Bioscrypt Inc.) C:\Program Files (x86)\Hewlett-Packard\IAM\Bin\AsGHost.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (hxxp://shotty.devs-on.net) C:\Program Files\Shotty\Shotty.exe (Macrovision Corporation) C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe (Secunia) C:\Program Files (x86)\Secunia\PSI\psi_tray.exe (Dropbox, Inc.) C:\Users\Christian\AppData\Roaming\Dropbox\bin\Dropbox.exe (Analog Devices, Inc.) C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Canon Electronics Inc.) C:\Program Files (x86)\Canon Electronics\DRC125\TouchDR.exe (Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe (LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (Google Inc.) C:\Users\Christian\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\Christian\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\Christian\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\Christian\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\Christian\AppData\Local\Google\Chrome\Application\chrome.exe (Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe (Google Inc.) 
C:\Users\Christian\AppData\Local\Google\Chrome\Application\chrome.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office12\OUTLOOK.EXE (Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE (Microsoft Corporation) C:\Windows\splwow64.exe (Google Inc.) C:\Users\Christian\AppData\Local\Google\Chrome\Application\chrome.exe (Microsoft Corporation) C:\Windows\System32\mobsync.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [2174760 2010-06-04] (Synaptics Incorporated) HKLM\...\Run: [CANON DR-C125 SVC] rundll32.exe DRDcSvc.dll,EntryPointUserMessage [x] HKLM\...\RunOnce: [*WerKernelReporting] %SYSTEMROOT%\SYSTEM32\WerFault.exe -k -rq [415232 2009-07-14] (Microsoft Corporation) HKCU\...\Run: [Google Update] "C:\Users\Christian\AppData\Local\Google\Update\GoogleUpdate.exe" /c [136176 2010-10-19] (Google Inc.) HKCU\...\Run: [Shotty] C:\Program Files\Shotty\Shotty.exe [724480 2012-02-24] (hxxp://shotty.devs-on.net) HKCU\...\Run: [ISUSPM] "C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe" -scheduler [222128 2007-03-29] (Macrovision Corporation) HKCU\...\Run: [ApplePhotoStreams] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [x] HKCU\...\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [x] HKCU\...\Policies\system: [disableregistrytools] 0 HKLM-x32\...\Run: [SoundMAXPnP] C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe [1314816 2009-05-18] (Analog Devices, Inc.) HKLM-x32\...\Run: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [59240 2011-09-27] (Apple Inc.) HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59720 2013-04-21] (Apple Inc.) 
HKLM-x32\...\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min [348664 2012-08-09] (Avira Operations GmbH & Co. KG) HKLM-x32\...\Run: [DR-C125 CaptureOnTouch] "C:\Program Files (x86)\Canon Electronics\DRC125\TouchDR.exe" LOGON [942080 2011-10-17] (Canon Electronics Inc.) HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2013-05-01] (Apple Inc.) HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [152392 2013-05-31] (Apple Inc.) HKLM-x32\...\Run: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start [2255184 2013-06-28] (LogMeIn Inc.) AppInit_DLLs: C:\PROGRA~2\HEWLET~1\IAM\Bin\APSHook64.dll C:\PROGRA~2\HEWLET~1\IAM\Bin\APSHook64.dll C:\PROGRA~2\HEWLET~1\IAM\Bin\APSHook64.dll C:\PROGRA~2\HEWLET~1\IAM\Bin\APSHook64.dll C:\PROGRA~2\HEWLET~1\IAM\bin\APSHOO~1.DLL [382224 2009-07-28] (Bioscrypt Inc.) AppInit_DLLs-x32: C:\PROGRA~2\HEWLET~1\IAM\Bin\APSHook.dll [89872 2009-07-28] (Bioscrypt Inc.) Startup: C:\ProgramData\Start Menu\Programs\Startup\Secunia PSI Tray.lnk ShortcutTarget: Secunia PSI Tray.lnk -> C:\Program Files (x86)\Secunia\PSI\psi_tray.exe (Secunia) Startup: C:\Users\Christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk ShortcutTarget: Dropbox.lnk -> C:\Users\Christian\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) 
==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch URLSearchHook: (No Name) - {40c3cc16-7269-4b32-9531-17f2950fb06f} - No File SearchScopes: HKCU - {928BF95A-0095-41F0-9C9C-2E5C7A96A451} URL = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&type=827316&p={searchTerms} BHO: Credential Manager for HP ProtectTools - {0EA99306-BC87-4930-9E1D-1D1EA32A7E4E} - C:\Program Files (x86)\Hewlett-Packard\IAM\Bin\ItIEAddIn64.dll (Bioscrypt Inc.) BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO-x32: DivX Plus Web Player HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) BHO-x32: DivX HiQ - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: IMinent WebBooster (BHO) - {A09AB6EB-31B5-454C-97EC-9B294D92EE2A} - C:\Program Files (x86)\Iminent\Iminent.WebBooster.InternetExplorer.dll (Iminent) BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO-x32: Credential Manager for HP ProtectTools - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - C:\Program 
Files (x86)\Hewlett-Packard\IAM\Bin\ItIEAddIn.dll (Bioscrypt Inc.) Toolbar: HKCU - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File Toolbar: HKCU - No Name - {40C3CC16-7269-4B32-9531-17F2950FB06F} - No File DPF: HKLM-x32 {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} hxxp://download.bitdefender.com/resources/scanner/sources/de/scan8/oscan8.cab DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) ShellExecuteHooks: - {AEB6717E-7E19-11d0-97EE-00C04FD91972} - No File [ ] ShellExecuteHooks-x32: - {AEB6717E-7E19-11d0-97EE-00C04FD91972} - No File [ ] Tcpip\Parameters: [DhcpNameServer] 192.168.1.254 Tcpip\..\Interfaces\{29218194-1DAD-4B03-A7BE-82EEA883C6EE}: [NameServer]192.168.1.254 Tcpip\..\Interfaces\{C8856292-F24E-4915-BAD7-ED4B5793B309}: [NameServer]192.168.1.254 FireFox: ======== FF ProfilePath: C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\hmnn1dq1.default FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll () FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.) 
FF Plugin: @java.com/DTPlugin,version=10.21.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.21.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.) FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll () FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin-x32: @divx.com/DivX Browser Plugin,version=1.0.0 - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) FF Plugin-x32: @divx.com/DivX OVS Helper,version=1.0.0 - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF Plugin-x32: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.) FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf - C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation) FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf - C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation) FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.) 
FF Plugin-x32: @java.com/DTPlugin,version=10.21.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.21.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF Plugin-x32: @Nero.com/KM - C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL (Nero AG) FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.) FF Plugin-x32: @videolan.org/vlc,version=2.0.2 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Christian\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.) FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Christian\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.) 
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml FF Extension: DownloadHelper - C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\hmnn1dq1.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} FF HKLM-x32\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\html5video FF Extension: DivX Plus Web Player HTML5 <video> - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\html5video FF HKLM-x32\...\Firefox\Extensions: [{6904342A-8307-11DF-A508-4AE2DFD72085}] C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\wpa FF Extension: DivX HiQ - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\wpa FF HKLM-x32\...\Firefox\Extensions: [webbooster@iminent.com] C:\Program Files (x86)\Iminent\webbooster@iminent.com FF Extension: No Name - C:\Program Files (x86)\Iminent\webbooster@iminent.com Chrome: ======= CHR HomePage: hxxp://www.google.com/ CHR Extension: (GrepoHandel) - C:\Users\Christian\AppData\Local\Google\Chrome\User Data\Default\Extensions\achfjibbmdooeehfabckogpgonhjgkfa\0.1_0 CHR Extension: (AT_VivienneWestwood) - C:\Users\Christian\AppData\Local\Google\Chrome\User Data\Default\Extensions\ahhehaklopgggapefjdijagkgbgeapkb\2_0 CHR Extension: (YouTube) - C:\Users\Christian\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0 CHR Extension: (Chrome YouTube Downloader) - C:\Users\Christian\AppData\Local\Google\Chrome\User 
Data\Default\Extensions\cbdjiinahkdjdcdlgfimlcolkjpbooja\2.6.15_0 CHR Extension: (grepokultur.user.js) - C:\Users\Christian\AppData\Local\Google\Chrome\User Data\Default\Extensions\ccfflcjnljpdomobfhknnhepdcjnkhob\1.0_0 CHR Extension: (Google Search) - C:\Users\Christian\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0 CHR Extension: (DivX HiQ) - C:\Users\Christian\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnjbmmemklcjgepojigaapkoodmkgbae\2.1.0.900_0 CHR Extension: (Grepolis Gtio2.0Tools) - C:\Users\Christian\AppData\Local\Google\Chrome\User Data\Default\Extensions\hakcdajhnepchhadiplaljlhlpojifng\0.2.4_0 CHR Extension: (GrepoTownList) - C:\Users\Christian\AppData\Local\Google\Chrome\User Data\Default\Extensions\igjmjbchnmllbbcdaiiohbjcdapeback\0.5_0 CHR Extension: (Grepolis Gtio2.0Tools) - C:\Users\Christian\AppData\Local\Google\Chrome\User Data\Default\Extensions\kegbmfaeodbbmpaoglbngmclcjeopoif\0.2.4_0 CHR Extension: (DivX Plus Web Player HTML5 \u003Cvideo\u003E) - C:\Users\Christian\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.0.900_1 CHR Extension: (Gmail) - C:\Users\Christian\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1 ==================== Services (Whitelisted) ================= R2 ac.sharedstore; C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe [277032 2009-06-03] (ActivIdentity) R2 AEADIFilters; C:\Windows\system32\AEADISRV.EXE [111616 2008-07-15] (Andrea Electronics Corporation) R2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe [375760 2012-05-14] (Avira Operations GmbH & Co. KG) R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [86224 2012-05-14] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [110032 2012-05-14] (Avira Operations GmbH & Co. 
KG) R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [465360 2012-05-14] (Avira Operations GmbH & Co. KG) R2 ASBroker; C:\Program Files (x86)\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll [192784 2009-07-28] (Bioscrypt Inc.) R2 ASChannel; C:\Program Files (x86)\Hewlett-Packard\IAM\Bin\AsChnl.dll [150288 2009-07-28] (Bioscrypt Inc.) S3 BITS; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation) R2 EskerLicenseControl; C:\Program Files (x86)\Esker\Common\eslcbcst.exe [315479 2008-08-25] (Esker S.A.) S3 HP ProtectTools Service; C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\PTChangeFilterService.exe [45056 2009-08-07] (Hewlett-Packard Development Company, L.P) R2 IGDCTRL; C:\Program Files (x86)\FRITZ!DSL\IGDCTRL.EXE [87344 2007-09-04] (AVM Berlin) R2 lmhosts; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation) R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [655944 2012-07-03] (Malwarebytes Corporation) R2 NlaSvc; C:\Windows\System32\svchost.exe [27136 2009-07-14] (Microsoft Corporation) R2 nsi; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation) S4 Prosieben; C:\Program Files (x86)\maxdome\DCBin\DCService.exe [77032 2009-05-01] (Entriq, Inc.) 
R2 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1223704 2013-02-07] (Secunia) R2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [660504 2013-02-07] (Secunia) R2 uvnc_service; C:\Program Files (x86)\UltraVNC\WinVNC.exe [1590216 2009-12-07] (UltraVNC) S2 RoxLiveShare9; "C:\Program Files (x86)\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe" [x] ==================== Drivers (Whitelisted) ==================== R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [98848 2012-05-14] (Avira GmbH) R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [132832 2012-05-14] (Avira GmbH) R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [27760 2011-09-16] (Avira GmbH) R3 HBtnKey; C:\Windows\System32\DRIVERS\cpqbttn.sys [19000 2010-02-25] (Hewlett-Packard Company) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [24904 2012-07-03] (Malwarebytes Corporation) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [24904 2012-07-03] (Malwarebytes Corporation) R3 PSI; C:\Windows\System32\DRIVERS\psi_mf_amd64.sys [18456 2013-02-07] (Secunia) S3 RimVSerPort; C:\Windows\System32\DRIVERS\RimSerial_AMD64.sys [31744 2009-01-09] (Research in Motion Ltd) R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1875624 2008-10-09] () S4 sptd; C:\Windows\System32\Drivers\sptd.sys [503352 2010-09-17] (Duplex Secure Ltd.) 
S3 SWDUMon; C:\Windows\System32\DRIVERS\SWDUMon.sys [16152 2013-04-29] () S3 TridVid; C:\Windows\System32\DRIVERS\tridvid6010.sys [404352 2010-07-13] (10Moons Technologies Co.,Ltd) S3 UDXTTM6000; C:\Windows\System32\Drivers\UDXTTM6000.sys [365824 2007-02-28] () S3 UDXTTM6000HID; C:\Windows\System32\drivers\UDXTTM6000HID.sys [17920 2007-02-28] (DTV-DVB) S3 catchme; \??\C:\ComboFix\catchme.sys [x] U4 eabfiltr; S3 RimUsb; System32\Drivers\RimUsb_AMD64.sys [x] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2013-07-04 14:59 - 2013-07-04 14:59 - 00000000 ____D C:\FRST 2013-07-04 14:58 - 2013-07-04 14:58 - 00095774 ____A C:\Users\Christian\Downloads\OTL.Txt 2013-07-04 14:53 - 2013-07-04 14:53 - 01934636 ____A (Farbar) C:\Users\Christian\Downloads\FRST64.exe 2013-07-04 14:33 - 2013-07-04 14:33 - 00602112 ____A (OldTimer Tools) C:\Users\Christian\Downloads\OTL.exe 2013-07-04 14:25 - 2013-07-04 14:25 - 00000594 ____A C:\Users\Christian\Downloads\defogger_disable.log 2013-07-04 14:25 - 2013-07-04 14:25 - 00000020 ____A C:\Users\Christian_2\defogger_reenable 2013-07-04 14:24 - 2013-07-04 14:24 - 00050477 ____A C:\Users\Christian\Downloads\Defogger.exe 2013-07-04 14:22 - 2013-07-04 14:22 - 00793536 ____A C:\Users\Christian\Downloads\ZipOpenerSetup.exe 2013-07-04 12:59 - 2013-07-04 13:11 - 272275248 ____A (Microsoft Corporation) C:\Users\Christian\Downloads\lp-de-de_2ecd8315fcc93731c126cc8de2dc077c3a2f8bd1.exe 2013-07-04 12:59 - 2013-07-04 12:59 - 01055082 ____A (www.froggie.sk) C:\Users\Christian\Downloads\Vistalizator24.exe 2013-07-03 10:03 - 2013-07-03 10:03 - 00000000 ____D C:\Program Files (x86)\Foxit Software 2013-07-03 10:03 - 2013-06-09 21:59 - 00216064 ____A C:\Windows\SysWOW64\gcapi_dll.dll 2013-07-03 10:01 - 2013-07-03 10:01 - 29978944 ____A (Foxit Corporation ) C:\Users\Christian\Downloads\FoxitReader605.0618_enu_Setup (1).exe 2013-07-03 09:58 - 2013-07-03 09:59 - 29978944 ____A (Foxit 
Corporation ) C:\Users\Christian\Downloads\FoxitReader605.0618_enu_Setup.exe 2013-07-03 08:38 - 2013-07-03 08:38 - 00000000 ____D C:\Program Files (x86)\LogMeIn Hamachi 2013-07-02 17:51 - 2013-07-02 17:51 - 19233792 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll 2013-07-02 17:51 - 2013-07-02 17:51 - 15404544 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll 2013-07-02 17:51 - 2013-07-02 17:51 - 14327808 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2013-07-02 17:51 - 2013-07-02 17:51 - 13760512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2013-07-02 17:51 - 2013-07-02 17:51 - 03958784 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll 2013-07-02 17:51 - 2013-07-02 17:51 - 02877440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2013-07-02 17:51 - 2013-07-02 17:51 - 02706432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2013-07-02 17:51 - 2013-07-02 17:51 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb 2013-07-02 17:51 - 2013-07-02 17:51 - 02648064 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll 2013-07-02 17:51 - 2013-07-02 17:51 - 02241024 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll 2013-07-02 17:51 - 2013-07-02 17:51 - 02046976 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2013-07-02 17:51 - 2013-07-02 17:51 - 01767936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2013-07-02 17:51 - 2013-07-02 17:51 - 01509376 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl 2013-07-02 17:51 - 2013-07-02 17:51 - 01441280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2013-07-02 17:51 - 2013-07-02 17:51 - 01400416 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat 2013-07-02 17:51 - 2013-07-02 17:51 - 01400416 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dat 2013-07-02 17:51 - 2013-07-02 17:51 - 01365504 ____A (Microsoft Corporation) 
C:\Windows\System32\urlmon.dll 2013-07-02 17:51 - 2013-07-02 17:51 - 01141248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2013-07-02 17:51 - 2013-07-02 17:51 - 01054720 ____A (Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe 2013-07-02 17:51 - 2013-07-02 17:51 - 00905728 ____A (Microsoft Corporation) C:\Windows\System32\mshtmlmedia.dll 2013-07-02 17:51 - 2013-07-02 17:51 - 00855552 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll 2013-07-02 17:51 - 2013-07-02 17:51 - 00762368 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll 2013-07-02 17:51 - 2013-07-02 17:51 - 00719360 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll 2013-07-02 17:51 - 2013-07-02 17:51 - 00690688 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2013-07-02 17:51 - 2013-07-02 17:51 - 00629248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2013-07-02 17:51 - 2013-07-02 17:51 - 00603136 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll 2013-07-02 17:51 - 2013-07-02 17:51 - 00599552 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll 2013-07-02 17:51 - 2013-07-02 17:51 - 00526336 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll 2013-07-02 17:51 - 2013-07-02 17:51 - 00523264 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2013-07-02 17:51 - 2013-07-02 17:51 - 00493056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2013-07-02 17:51 - 2013-07-02 17:51 - 00452096 ____A (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll 2013-07-02 17:51 - 2013-07-02 17:51 - 00441856 ____A (Microsoft Corporation) C:\Windows\System32\html.iec 2013-07-02 17:51 - 2013-07-02 17:51 - 00391168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2013-07-02 17:51 - 2013-07-02 17:51 - 00361984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\html.iec 2013-07-02 17:51 - 2013-07-02 17:51 - 00357888 ____A (Microsoft Corporation) 
C:\Windows\SysWOW64\dxtmsft.dll 2013-07-02 17:51 - 2013-07-02 17:51 - 00281600 ____A (Microsoft Corporation) C:\Windows\System32\dxtrans.dll 2013-07-02 17:51 - 2013-07-02 17:51 - 00270848 ____A (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll 2013-07-02 17:51 - 2013-07-02 17:51 - 00247296 ____A (Microsoft Corporation) C:\Windows\System32\webcheck.dll 2013-07-02 17:51 - 2013-07-02 17:51 - 00242200 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2013-07-02 17:51 - 2013-07-02 17:51 - 00235008 ____A (Microsoft Corporation) C:\Windows\System32\url.dll 2013-07-02 17:51 - 2013-07-02 17:51 - 00232960 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll 2013-07-02 17:51 - 2013-07-02 17:51 - 00226816 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2013-07-02 17:51 - 2013-07-02 17:51 - 00226304 ____A (Microsoft Corporation) C:\Windows\System32\elshyph.dll 2013-07-02 17:51 - 2013-07-02 17:51 - 00216064 ____A (Microsoft Corporation) C:\Windows\System32\msls31.dll 2013-07-02 17:51 - 2013-07-02 17:51 - 00204800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll 2013-07-02 17:51 - 2013-07-02 17:51 - 00197120 ____A (Microsoft Corporation) C:\Windows\System32\msrating.dll 2013-07-02 17:51 - 2013-07-02 17:51 - 00185344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll 2013-07-02 17:51 - 2013-07-02 17:51 - 00173568 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe 2013-07-02 17:51 - 2013-07-02 17:51 - 00167424 ____A (Microsoft Corporation) C:\Windows\System32\iexpress.exe 2013-07-02 17:51 - 2013-07-02 17:51 - 00163840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2013-07-02 17:51 - 2013-07-02 17:51 - 00158720 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll 2013-07-02 17:51 - 2013-07-02 17:51 - 00150528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe 2013-07-02 17:51 - 2013-07-02 17:51 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\occache.dll 
2013-07-02 17:51 - 2013-07-02 17:51 - 00144896 ____A (Microsoft Corporation) C:\Windows\System32\wextract.exe 2013-07-02 17:51 - 2013-07-02 17:51 - 00138752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe 2013-07-02 17:51 - 2013-07-02 17:51 - 00137216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2013-07-02 17:51 - 2013-07-02 17:51 - 00136704 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll 2013-07-02 17:51 - 2013-07-02 17:51 - 00136192 ____A (Microsoft Corporation) C:\Windows\System32\iepeers.dll 2013-07-02 17:51 - 2013-07-02 17:51 - 00135680 ____A (Microsoft Corporation) C:\Windows\System32\IEAdvpack.dll 2013-07-02 17:51 - 2013-07-02 17:51 - 00125440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll 2013-07-02 17:51 - 2013-07-02 17:51 - 00117248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll 2013-07-02 17:51 - 2013-07-02 17:51 - 00110592 ____A (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll 2013-07-02 17:51 - 2013-07-02 17:51 - 00109056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll 2013-07-02 17:51 - 2013-07-02 17:51 - 00102912 ____A (Microsoft Corporation) C:\Windows\System32\inseng.dll 2013-07-02 17:51 - 2013-07-02 17:51 - 00097280 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll 2013-07-02 17:51 - 2013-07-02 17:51 - 00092160 ____A (Microsoft Corporation) C:\Windows\System32\SetIEInstalledDate.exe 2013-07-02 17:51 - 2013-07-02 17:51 - 00089600 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe 2013-07-02 17:51 - 2013-07-02 17:51 - 00082432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll 2013-07-02 17:51 - 2013-07-02 17:51 - 00081408 ____A (Microsoft Corporation) C:\Windows\System32\icardie.dll 2013-07-02 17:51 - 2013-07-02 17:51 - 00079872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2013-07-02 17:51 - 2013-07-02 17:51 - 00077312 ____A (Microsoft Corporation) C:\Windows\System32\tdc.ocx 2013-07-02 
17:51 - 2013-07-02 17:51 - 00073728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe 2013-07-02 17:51 - 2013-07-02 17:51 - 00071680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe 2013-07-02 17:51 - 2013-07-02 17:51 - 00069120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll 2013-07-02 17:51 - 2013-07-02 17:51 - 00067072 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll 2013-07-02 17:51 - 2013-07-02 17:51 - 00062976 ____A (Microsoft Corporation) C:\Windows\System32\pngfilt.dll 2013-07-02 17:51 - 2013-07-02 17:51 - 00061952 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx 2013-07-02 17:51 - 2013-07-02 17:51 - 00061440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2013-07-02 17:51 - 2013-07-02 17:51 - 00057344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll 2013-07-02 17:51 - 2013-07-02 17:51 - 00053760 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll 2013-07-02 17:51 - 2013-07-02 17:51 - 00052224 ____A (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll 2013-07-02 17:51 - 2013-07-02 17:51 - 00051712 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe 2013-07-02 17:51 - 2013-07-02 17:51 - 00051200 ____A (Microsoft Corporation) C:\Windows\System32\imgutil.dll 2013-07-02 17:51 - 2013-07-02 17:51 - 00048640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll 2013-07-02 17:51 - 2013-07-02 17:51 - 00048640 ____A (Microsoft Corporation) C:\Windows\System32\mshtmler.dll 2013-07-02 17:51 - 2013-07-02 17:51 - 00041984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll 2013-07-02 17:51 - 2013-07-02 17:51 - 00039936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2013-07-02 17:51 - 2013-07-02 17:51 - 00039936 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll 2013-07-02 17:51 - 2013-07-02 17:51 - 00038400 ____A (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll 2013-07-02 17:51 - 
2013-07-02 17:51 - 00033280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2013-07-02 17:51 - 2013-07-02 17:51 - 00027648 ____A (Microsoft Corporation) C:\Windows\System32\licmgr10.dll 2013-07-02 17:51 - 2013-07-02 17:51 - 00023040 ____A (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll 2013-07-02 17:51 - 2013-07-02 17:51 - 00013824 ____A (Microsoft Corporation) C:\Windows\System32\mshta.exe 2013-07-02 17:51 - 2013-07-02 17:51 - 00012800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe 2013-07-02 17:51 - 2013-07-02 17:51 - 00012800 ____A (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe 2013-07-02 17:51 - 2013-07-02 17:51 - 00011776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe 2013-07-02 17:47 - 2013-07-02 17:57 - 00010048 ____A C:\Windows\IE10_main.log 2013-07-02 09:34 - 2013-07-02 16:01 - 00000000 ____D C:\Users\Christian\Desktop\Wiedelympics Gruppen 2013-06-28 08:48 - 2013-06-28 08:48 - 00010301 ____A C:\Users\Christian\Desktop\boden kalkulation.ods 2013-06-20 15:35 - 2013-06-20 15:35 - 00001743 ____A C:\Users\Public\Desktop\iTunes.lnk 2013-06-20 15:34 - 2013-06-20 15:35 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69 2013-06-20 15:34 - 2013-06-20 15:35 - 00000000 ____D C:\Program Files\iTunes 2013-06-20 15:34 - 2013-06-20 15:34 - 00000000 ____D C:\Program Files\iPod 2013-06-19 09:36 - 2013-06-19 09:36 - 13328730 ____A C:\Users\Christian\Downloads\Eispromo2013.zip 2013-06-12 08:49 - 2013-05-13 07:51 - 01464320 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll 2013-06-12 08:49 - 2013-05-13 07:51 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll 2013-06-12 08:49 - 2013-05-13 07:51 - 00139776 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll 2013-06-12 08:49 - 2013-05-13 07:50 - 00052224 ____A (Microsoft Corporation) C:\Windows\System32\certenc.dll 2013-06-12 08:49 - 2013-05-13 06:45 - 01160192 ____A (Microsoft Corporation) 
C:\Windows\SysWOW64\crypt32.dll 2013-06-12 08:49 - 2013-05-13 06:45 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll 2013-06-12 08:49 - 2013-05-13 06:45 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll 2013-06-12 08:49 - 2013-05-13 05:43 - 01192448 ____A (Microsoft Corporation) C:\Windows\System32\certutil.exe 2013-06-12 08:49 - 2013-05-13 05:08 - 00903168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\certutil.exe 2013-06-12 08:49 - 2013-05-13 05:08 - 00043008 ____A (Microsoft Corporation) C:\Windows\SysWOW64\certenc.dll 2013-06-12 08:49 - 2013-05-10 07:49 - 00030720 ____A (Microsoft Corporation) C:\Windows\System32\cryptdlg.dll 2013-06-12 08:49 - 2013-05-10 05:20 - 00024576 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptdlg.dll 2013-06-12 08:49 - 2013-05-08 08:39 - 01910632 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys 2013-06-12 08:49 - 2013-04-26 07:51 - 00751104 ____A (Microsoft Corporation) C:\Windows\System32\win32spl.dll 2013-06-12 08:49 - 2013-04-26 06:55 - 00492544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll 2013-06-12 08:49 - 2013-04-17 09:02 - 01230336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll 2013-06-12 08:49 - 2013-04-17 08:24 - 01424384 ____A (Microsoft Corporation) C:\Windows\System32\WindowsCodecs.dll 2013-06-12 08:48 - 2013-04-26 01:30 - 01505280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d11.dll 2013-06-12 08:48 - 2013-04-01 00:52 - 01887232 ____A (Microsoft Corporation) C:\Windows\System32\d3d11.dll 2013-06-11 21:52 - 2013-06-14 15:17 - 00011930 ____A C:\Users\Christian\Desktop\Kosten _Umbau Arndtstr. 
13.xlsx
2013-06-11 18:06 - 2013-06-26 09:35 - 519893268 ____A C:\Windows\MEMORY.DMP

==================== One Month Modified Files and Folders =======

2013-07-04 14:59 - 2013-07-04 14:59 - 00000000 ____D C:\FRST
2013-07-04 14:58 - 2013-07-04 14:58 - 00095774 ____A C:\Users\Christian\Downloads\OTL.Txt
2013-07-04 14:53 - 2013-07-04 14:53 - 01934636 ____A (Farbar) C:\Users\Christian\Downloads\FRST64.exe
2013-07-04 14:53 - 2012-04-13 18:40 - 00000884 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-07-04 14:43 - 2010-03-09 15:41 - 00000000 ____D C:\Users\Christian\AppData\Local\LogMeIn Hamachi
2013-07-04 14:36 - 2009-07-14 06:45 - 00013568 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-07-04 14:36 - 2009-07-14 06:45 - 00013568 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-07-04 14:35 - 2009-07-14 07:13 - 00730448 ____A C:\Windows\System32\PerfStringBackup.INI
2013-07-04 14:33 - 2013-07-04 14:33 - 00602112 ____A (OldTimer Tools) C:\Users\Christian\Downloads\OTL.exe
2013-07-04 14:33 - 2012-07-18 08:17 - 01561328 ____A C:\Windows\WindowsUpdate.log
2013-07-04 14:32 - 2013-05-07 09:40 - 00002383 ____A C:\Users\Christian\Desktop\Google Chrome.lnk
2013-07-04 14:32 - 2011-02-02 10:14 - 00000000 ____D C:\Users\Christian\AppData\Roaming\Dropbox
2013-07-04 14:31 - 2011-02-02 10:18 - 00000000 ___RD C:\Users\Christian\Dropbox
2013-07-04 14:29 - 2013-04-29 12:25 - 00000422 ____A C:\Windows\Tasks\SlimDrivers Startup.job
2013-07-04 14:28 - 2013-02-27 08:01 - 00012686 ____A C:\Windows\setupact.log
2013-07-04 14:28 - 2009-07-14 07:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-07-04 14:25 - 2013-07-04 14:25 - 00000594 ____A C:\Users\Christian\Downloads\defogger_disable.log
2013-07-04 14:25 - 2013-07-04 14:25 - 00000020 ____A C:\Users\Christian_2\defogger_reenable
2013-07-04 14:25 - 2012-07-27 11:14 - 00000000 ____D C:\users\Christian_2
2013-07-04
14:24 - 2013-07-04 14:24 - 00050477 ____A C:\Users\Christian\Downloads\Defogger.exe 2013-07-04 14:23 - 2011-04-27 10:36 - 00001136 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1284297116-794809632-3988175124-1000UA.job 2013-07-04 14:22 - 2013-07-04 14:22 - 00793536 ____A C:\Users\Christian\Downloads\ZipOpenerSetup.exe 2013-07-04 14:20 - 2009-12-16 23:20 - 00000000 ____D C:\Users\Christian\AppData\Roaming\vlc 2013-07-04 14:20 - 2009-12-08 12:39 - 00080896 __ASH C:\Users\Christian\Thumbs.db 2013-07-04 13:11 - 2013-07-04 12:59 - 272275248 ____A (Microsoft Corporation) C:\Users\Christian\Downloads\lp-de-de_2ecd8315fcc93731c126cc8de2dc077c3a2f8bd1.exe 2013-07-04 12:59 - 2013-07-04 12:59 - 01055082 ____A (www.froggie.sk) C:\Users\Christian\Downloads\Vistalizator24.exe 2013-07-04 10:47 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\System32\NDF 2013-07-03 16:44 - 2009-11-24 17:06 - 00000000 ____D C:\Users\Christian\AppData\Roaming\Skype 2013-07-03 10:15 - 2012-05-24 08:45 - 00000000 ____D C:\Users\Christian\AppData\Local\Shotty 2013-07-03 10:03 - 2013-07-03 10:03 - 00000000 ____D C:\Program Files (x86)\Foxit Software 2013-07-03 10:03 - 2013-05-06 10:31 - 00000000 ____D C:\Users\Christian_2\AppData\Roaming\Foxit Software 2013-07-03 10:01 - 2013-07-03 10:01 - 29978944 ____A (Foxit Corporation ) C:\Users\Christian\Downloads\FoxitReader605.0618_enu_Setup (1).exe 2013-07-03 09:59 - 2013-07-03 09:58 - 29978944 ____A (Foxit Corporation ) C:\Users\Christian\Downloads\FoxitReader605.0618_enu_Setup.exe 2013-07-03 09:23 - 2011-04-27 10:36 - 00001084 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1284297116-794809632-3988175124-1000Core.job 2013-07-03 08:38 - 2013-07-03 08:38 - 00000000 ____D C:\Program Files (x86)\LogMeIn Hamachi 2013-07-03 08:37 - 2009-11-25 00:36 - 00000000 ____D C:\Windows\Panther 2013-07-03 08:36 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\PolicyDefinitions 2013-07-02 17:57 - 2013-07-02 17:47 - 00010048 ____A C:\Windows\IE10_main.log 2013-07-02 
17:51 - 2013-07-02 17:51 - 19233792 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll 2013-07-02 17:51 - 2013-07-02 17:51 - 15404544 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll 2013-07-02 17:51 - 2013-07-02 17:51 - 14327808 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2013-07-02 17:51 - 2013-07-02 17:51 - 13760512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2013-07-02 17:51 - 2013-07-02 17:51 - 03958784 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll 2013-07-02 17:51 - 2013-07-02 17:51 - 02877440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2013-07-02 17:51 - 2013-07-02 17:51 - 02706432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2013-07-02 17:51 - 2013-07-02 17:51 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb 2013-07-02 17:51 - 2013-07-02 17:51 - 02648064 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll 2013-07-02 17:51 - 2013-07-02 17:51 - 02241024 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll 2013-07-02 17:51 - 2013-07-02 17:51 - 02046976 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2013-07-02 17:51 - 2013-07-02 17:51 - 01767936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2013-07-02 17:51 - 2013-07-02 17:51 - 01509376 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl 2013-07-02 17:51 - 2013-07-02 17:51 - 01441280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2013-07-02 17:51 - 2013-07-02 17:51 - 01400416 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat 2013-07-02 17:51 - 2013-07-02 17:51 - 01400416 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dat 2013-07-02 17:51 - 2013-07-02 17:51 - 01365504 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll 2013-07-02 17:51 - 2013-07-02 17:51 - 01141248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2013-07-02 17:51 - 2013-07-02 17:51 - 01054720 
____A (Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe 2013-07-02 17:51 - 2013-07-02 17:51 - 00905728 ____A (Microsoft Corporation) C:\Windows\System32\mshtmlmedia.dll 2013-07-02 17:51 - 2013-07-02 17:51 - 00855552 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll 2013-07-02 17:51 - 2013-07-02 17:51 - 00762368 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll 2013-07-02 17:51 - 2013-07-02 17:51 - 00719360 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll 2013-07-02 17:51 - 2013-07-02 17:51 - 00690688 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2013-07-02 17:51 - 2013-07-02 17:51 - 00629248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2013-07-02 17:51 - 2013-07-02 17:51 - 00603136 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll 2013-07-02 17:51 - 2013-07-02 17:51 - 00599552 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll 2013-07-02 17:51 - 2013-07-02 17:51 - 00526336 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll 2013-07-02 17:51 - 2013-07-02 17:51 - 00523264 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2013-07-02 17:51 - 2013-07-02 17:51 - 00493056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2013-07-02 17:51 - 2013-07-02 17:51 - 00452096 ____A (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll 2013-07-02 17:51 - 2013-07-02 17:51 - 00441856 ____A (Microsoft Corporation) C:\Windows\System32\html.iec 2013-07-02 17:51 - 2013-07-02 17:51 - 00391168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2013-07-02 17:51 - 2013-07-02 17:51 - 00361984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\html.iec 2013-07-02 17:51 - 2013-07-02 17:51 - 00357888 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2013-07-02 17:51 - 2013-07-02 17:51 - 00281600 ____A (Microsoft Corporation) C:\Windows\System32\dxtrans.dll 2013-07-02 17:51 - 2013-07-02 17:51 - 00270848 ____A (Microsoft 
Corporation) C:\Windows\System32\iedkcs32.dll 2013-07-02 17:51 - 2013-07-02 17:51 - 00247296 ____A (Microsoft Corporation) C:\Windows\System32\webcheck.dll 2013-07-02 17:51 - 2013-07-02 17:51 - 00242200 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2013-07-02 17:51 - 2013-07-02 17:51 - 00235008 ____A (Microsoft Corporation) C:\Windows\System32\url.dll 2013-07-02 17:51 - 2013-07-02 17:51 - 00232960 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll 2013-07-02 17:51 - 2013-07-02 17:51 - 00226816 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2013-07-02 17:51 - 2013-07-02 17:51 - 00226304 ____A (Microsoft Corporation) C:\Windows\System32\elshyph.dll 2013-07-02 17:51 - 2013-07-02 17:51 - 00216064 ____A (Microsoft Corporation) C:\Windows\System32\msls31.dll 2013-07-02 17:51 - 2013-07-02 17:51 - 00204800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll 2013-07-02 17:51 - 2013-07-02 17:51 - 00197120 ____A (Microsoft Corporation) C:\Windows\System32\msrating.dll 2013-07-02 17:51 - 2013-07-02 17:51 - 00185344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll 2013-07-02 17:51 - 2013-07-02 17:51 - 00173568 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe 2013-07-02 17:51 - 2013-07-02 17:51 - 00167424 ____A (Microsoft Corporation) C:\Windows\System32\iexpress.exe 2013-07-02 17:51 - 2013-07-02 17:51 - 00163840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2013-07-02 17:51 - 2013-07-02 17:51 - 00158720 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll 2013-07-02 17:51 - 2013-07-02 17:51 - 00150528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe 2013-07-02 17:51 - 2013-07-02 17:51 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\occache.dll 2013-07-02 17:51 - 2013-07-02 17:51 - 00144896 ____A (Microsoft Corporation) C:\Windows\System32\wextract.exe 2013-07-02 17:51 - 2013-07-02 17:51 - 00138752 ____A (Microsoft Corporation) 
C:\Windows\SysWOW64\wextract.exe 2013-07-02 17:51 - 2013-07-02 17:51 - 00137216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2013-07-02 17:51 - 2013-07-02 17:51 - 00136704 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll 2013-07-02 17:51 - 2013-07-02 17:51 - 00136192 ____A (Microsoft Corporation) C:\Windows\System32\iepeers.dll 2013-07-02 17:51 - 2013-07-02 17:51 - 00135680 ____A (Microsoft Corporation) C:\Windows\System32\IEAdvpack.dll 2013-07-02 17:51 - 2013-07-02 17:51 - 00125440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll 2013-07-02 17:51 - 2013-07-02 17:51 - 00117248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll 2013-07-02 17:51 - 2013-07-02 17:51 - 00110592 ____A (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll 2013-07-02 17:51 - 2013-07-02 17:51 - 00109056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll 2013-07-02 17:51 - 2013-07-02 17:51 - 00102912 ____A (Microsoft Corporation) C:\Windows\System32\inseng.dll 2013-07-02 17:51 - 2013-07-02 17:51 - 00097280 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll 2013-07-02 17:51 - 2013-07-02 17:51 - 00092160 ____A (Microsoft Corporation) C:\Windows\System32\SetIEInstalledDate.exe 2013-07-02 17:51 - 2013-07-02 17:51 - 00089600 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe 2013-07-02 17:51 - 2013-07-02 17:51 - 00082432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll 2013-07-02 17:51 - 2013-07-02 17:51 - 00081408 ____A (Microsoft Corporation) C:\Windows\System32\icardie.dll 2013-07-02 17:51 - 2013-07-02 17:51 - 00079872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2013-07-02 17:51 - 2013-07-02 17:51 - 00077312 ____A (Microsoft Corporation) C:\Windows\System32\tdc.ocx 2013-07-02 17:51 - 2013-07-02 17:51 - 00073728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe 2013-07-02 17:51 - 2013-07-02 17:51 - 00071680 ____A (Microsoft Corporation) 
C:\Windows\SysWOW64\RegisterIEPKEYs.exe 2013-07-02 17:51 - 2013-07-02 17:51 - 00069120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll 2013-07-02 17:51 - 2013-07-02 17:51 - 00067072 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll 2013-07-02 17:51 - 2013-07-02 17:51 - 00062976 ____A (Microsoft Corporation) C:\Windows\System32\pngfilt.dll 2013-07-02 17:51 - 2013-07-02 17:51 - 00061952 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx 2013-07-02 17:51 - 2013-07-02 17:51 - 00061440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2013-07-02 17:51 - 2013-07-02 17:51 - 00057344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll 2013-07-02 17:51 - 2013-07-02 17:51 - 00053760 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll 2013-07-02 17:51 - 2013-07-02 17:51 - 00052224 ____A (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll 2013-07-02 17:51 - 2013-07-02 17:51 - 00051712 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe 2013-07-02 17:51 - 2013-07-02 17:51 - 00051200 ____A (Microsoft Corporation) C:\Windows\System32\imgutil.dll 2013-07-02 17:51 - 2013-07-02 17:51 - 00048640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll 2013-07-02 17:51 - 2013-07-02 17:51 - 00048640 ____A (Microsoft Corporation) C:\Windows\System32\mshtmler.dll 2013-07-02 17:51 - 2013-07-02 17:51 - 00041984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll 2013-07-02 17:51 - 2013-07-02 17:51 - 00039936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2013-07-02 17:51 - 2013-07-02 17:51 - 00039936 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll 2013-07-02 17:51 - 2013-07-02 17:51 - 00038400 ____A (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll 2013-07-02 17:51 - 2013-07-02 17:51 - 00033280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2013-07-02 17:51 - 2013-07-02 17:51 - 00027648 ____A (Microsoft Corporation) 
C:\Windows\System32\licmgr10.dll 2013-07-02 17:51 - 2013-07-02 17:51 - 00023040 ____A (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll 2013-07-02 17:51 - 2013-07-02 17:51 - 00013824 ____A (Microsoft Corporation) C:\Windows\System32\mshta.exe 2013-07-02 17:51 - 2013-07-02 17:51 - 00012800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe 2013-07-02 17:51 - 2013-07-02 17:51 - 00012800 ____A (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe 2013-07-02 17:51 - 2013-07-02 17:51 - 00011776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe 2013-07-02 16:01 - 2013-07-02 09:34 - 00000000 ____D C:\Users\Christian\Desktop\Wiedelympics Gruppen 2013-07-02 12:50 - 2013-02-22 16:18 - 00000181 ____A C:\Windows\setscan.ini 2013-06-28 08:48 - 2013-06-28 08:48 - 00010301 ____A C:\Users\Christian\Desktop\boden kalkulation.ods 2013-06-27 11:32 - 2011-02-15 10:46 - 00000000 ____D C:\Users\Christian\AppData\Roaming\Foxit Software 2013-06-26 10:49 - 2011-04-15 23:54 - 02141184 __ASH C:\Users\Christian\Desktop\Thumbs.db 2013-06-26 09:35 - 2013-06-11 18:06 - 519893268 ____A C:\Windows\MEMORY.DMP 2013-06-26 09:35 - 2009-12-14 12:16 - 00000000 ____D C:\Windows\Minidump 2013-06-20 15:35 - 2013-06-20 15:35 - 00001743 ____A C:\Users\Public\Desktop\iTunes.lnk 2013-06-20 15:35 - 2013-06-20 15:34 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69 2013-06-20 15:35 - 2013-06-20 15:34 - 00000000 ____D C:\Program Files\iTunes 2013-06-20 15:35 - 2011-07-21 14:20 - 00000000 ____D C:\Program Files (x86)\iTunes 2013-06-20 15:34 - 2013-06-20 15:34 - 00000000 ____D C:\Program Files\iPod 2013-06-19 09:36 - 2013-06-19 09:36 - 13328730 ____A C:\Users\Christian\Downloads\Eispromo2013.zip 2013-06-14 15:17 - 2013-06-11 21:52 - 00011930 ____A C:\Users\Christian\Desktop\Kosten _Umbau Arndtstr. 
13.xlsx
2013-06-12 18:57 - 2009-11-24 17:05 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-06-12 09:53 - 2012-04-13 18:40 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-06-12 09:53 - 2011-03-17 09:42 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-06-09 21:59 - 2013-07-03 10:03 - 00216064 ____A C:\Windows\SysWOW64\gcapi_dll.dll
2013-06-07 08:36 - 2013-02-27 08:01 - 00001556 ____A C:\Windows\PFRO.log
2013-06-04 12:12 - 2013-02-04 12:21 - 00000000 ___RD C:\Program Files (x86)\Skype
2013-06-04 12:12 - 2009-11-24 17:06 - 00000000 ____D C:\ProgramData\Skype

Files to move or delete:
====================
C:\Users\Christian\KTW Fernwartung.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== End Of Log ============================

Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 04-07-2013
Ran by Christian at 2013-07-04 15:00:46
Running from C:\Users\Christian\Downloads
Boot Mode: Normal
==========================================================

==================== Installed Programs =======================

Update for Microsoft Office 2007 (KB2508958) (x32)
7-Zip 9.20 (x32)
ActivClient x64 (Version: 6.2)
Adobe Flash Player 11 ActiveX (x32 Version: 11.7.700.224)
Adobe Flash Player 11 Plugin (x32 Version: 11.7.700.224)
AMD Catalyst Install Manager (Version: 8.0.871.0)
Anti-Twin (Installation 29.04.2013) (x32)
Apple Application Support (x32 Version: 2.3.4)
Apple Mobile Device Support (Version: 6.1.0.13)
Apple Software Update (x32 Version: 2.1.3.127)
Audacity 1.2.6 (x32)
AuthenTec Fingerprint System (Version: 8.0.202.0)
Avira Professional Security (x32 Version: 12.1.9.1580)
AVM FRITZ!Box Dokumentation (x32)
AVM FRITZ!Box Druckeranschluss (x32)
AVM FRITZ!DSL (x32 Version: 2.04.02)
AVS Cover Editor 2.0.1.3 (x32)
AVS Disc Creator version 5.0.1 (x32)
AVS Update Manager 1.0 (x32)
AVS Video Converter 7 (x32)
AVS4YOU Software Navigator 1.4 (x32)
Bike GPS RichTrack Factory (x32)
Bonjour (Version: 3.0.0.10)
Broadcom 802.11 Wireless LAN Adapter (Version: )
Brother MFL-Pro Suite MFC-8460N (x32 Version: 1.0.0.0)
Canon driver for DR-C125 (x64) (Version: 1.0.4309)
CaptureOnTouch Evernote Plugin (x32 Version: 1.2.11005)
CaptureOnTouch Google Docs(TM) Plugin (x32 Version: 1.1.4311)
CaptureOnTouch Microsoft SharePoint Plugin (x32 Version: 1.01.40797)
CCleaner (Version: 3.28)
CDBurnerXP (Version: 4.3.8.2631)
CDBurnerXP (x32 Version: 4.4.2.3442)
Cisco EAP-FAST Module (x32 Version: 2.2.14)
Cisco LEAP Module (x32 Version: 1.0.19)
Cisco PEAP Module (x32 Version: 1.1.6)
Credential Manager for HP ProtectTools (x32 Version: 4.1.6.1484)
DivX-Setup (x32 Version: 2.3.0.20)
DR-C125 CaptureOnTouch (x32 Version: 2.3.111.1014)
DR-C125 UserManual (x32 Version: 1.04.0000)
Dropbox (HKCU Version: 2.0.22)
ElsterFormular (x32 Version: 13.1.0.8394p)
Foxit Reader (x32 Version: 6.0.5.618)
Free Audio CD Burner version 1.5.3.920 (x32)
Free Audio Dub version 1.7.9.602 (x32)
Free DVD Video Converter version 1.5.15.908 (x32)
Free Video to MP3 Converter version 3.2 (x32)
Free YouTube to MP3 Converter version 3.8 (x32)
Freez FLV to AVI/MPEG/WMV Converter (x32 Version: 1.6)
Freez FLV to MP3 Converter (x32 Version: 1.5)
Garmin BaseCamp (x32 Version: 4.0.1)
Garmin USB Drivers (x32 Version: 2.3.1.0)
Google Chrome (HKCU Version: 27.0.1453.116)
Google Earth (x32 Version: 7.0.3.8542)
Google Update Helper (x32 Version: 1.3.21.145)
HP 3D DriveGuard (Version: 4.0.3.1)
HP ESU for Microsoft Windows 7 (x32 Version: 1.0.3.1)
HP JavaCard for HP ProtectTools (x32 Version: 04.10.10.0003)
HP ProtectTools Security Manager (x32 Version: 04.10.10.0003)
HP Quick Launch Buttons (x32 Version: 6.50.14.1)
HP Webcam (x32 Version: 5.8.39017.0)
Image Resizer Powertoy Clone for Windows (Version: 2.0.0.0)
Iminent (x32 Version: 5.35.51.0)
iTunes (Version: 11.0.4.4)
Java 7 Update 21 (64-bit) (Version: 7.0.210)
Java 7 Update 21 (x32 Version: 7.0.210)
Java Auto Updater (x32 Version: 2.1.9.5)
Kill-ID 1.2.4.0 für Chrome (x32 Version: 1.2.5.0)
KOMPASS Digital Map Südtirol (x32)
KONICA MINOLTA magicolor 5430DL
Kyocera Product Library (Version: 2.0.0713)
LogMeIn Hamachi (x32 Version: 2.1.0.374)
Malwarebytes Anti-Malware Version 1.62.0.1300 (x32 Version: 1.62.0.1300)
maxdome Download Manager 4.1.300.78 (x32 Version: 4.1.30078)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Application Error Reporting (x32 Version: 12.0.6012.5000)
Microsoft IntelliPoint 8.1 (Version: 8.15.406.0)
Microsoft Office 2007 Service Pack 3 (SP3) (x32)
Microsoft Office Access MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Excel MUI (German) 2007 (x32
Version: 12.0.6612.1000) Microsoft Office File Validation Add-In (x32 Version: 14.0.5130.5003) Microsoft Office Groove MUI (German) 2007 (x32 Version: 12.0.6612.1000) Microsoft Office InfoPath MUI (German) 2007 (x32 Version: 12.0.6612.1000) Microsoft Office Live Add-in 1.5 (x32 Version: 2.0.4024.1) Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000) Microsoft Office OneNote MUI (German) 2007 (x32 Version: 12.0.6612.1000) Microsoft Office Outlook Connector (x32 Version: 12.0.6423.1000) Microsoft Office Outlook MUI (German) 2007 (x32 Version: 12.0.6612.1000) Microsoft Office PowerPoint MUI (German) 2007 (x32 Version: 12.0.6612.1000) Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000) Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000) Microsoft Office Proof (German) 2007 (x32 Version: 12.0.6612.1000) Microsoft Office Proof (Italian) 2007 (x32 Version: 12.0.6612.1000) Microsoft Office Proofing (German) 2007 (x32 Version: 12.0.4518.1014) Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32) Microsoft Office Publisher MUI (German) 2007 (x32 Version: 12.0.6612.1000) Microsoft Office Shared 64-bit MUI (German) 2007 (Version: 12.0.6612.1000) Microsoft Office Shared MUI (German) 2007 (x32 Version: 12.0.6612.1000) Microsoft Office Small Business Connectivity Components (x32 Version: 2.0.7024.0) Microsoft Office Ultimate 2007 (x32 Version: 12.0.6612.1000) Microsoft Office Word MUI (German) 2007 (x32 Version: 12.0.6612.1000) Microsoft Outlook-Sicherung für Persönliche Ordner (x32 Version: 1.10.0.0) Microsoft Silverlight (Version: 5.1.20125.0) Microsoft SQL Server 2005 (x32) Microsoft SQL Server 2005 Tools Express Edition (x32 Version: 9.4.5000.00) Microsoft SQL Server Native Client (Version: 9.00.5000.00) Microsoft SQL Server Setup Support Files (English) (x32 Version: 9.00.5000.00) Microsoft SQL Server VSS Writer (Version: 9.00.4035.00) Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.59193) Microsoft 
Visual C++ 2005 Redistributable (x32 Version: 8.0.61001) Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148) Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (x32 Version: 9.0.30729.5570) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (x32 Version: 9.0.30729) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (Version: 10.0.40219) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219) MobileMe Control Panel (Version: 3.1.8.0) Mozilla Firefox 15.0 (x86 de) (x32 Version: 15.0) Mozilla Maintenance Service (x32 Version: 15.0) MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0) MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0) MSXML 4.0 SP3 Parser (KB2721691) (x32 Version: 4.30.2114.0) MSXML 4.0 SP3 Parser (KB2758694) (x32 Version: 4.30.2117.0) MSXML 4.0 SP3 Parser (x32 Version: 4.30.2100.0) Nero 12 (x32 Version: 12.0.02000) Nero Audio Pack 1 (x32 Version: 11.0.11500.110.0) Nero BackItUp (x32 Version: 12.0.2001) Nero BackItUp Help (CHM) (x32 Version: 12.0.3000) Nero Blu-ray Player (x32 Version: 12.0.14300) Nero Blu-ray Player Help (CHM) (x32 Version: 12.0.4000) Nero Burning ROM (x32 Version: 12.0.20000) Nero Burning ROM Help (CHM) (x32 Version: 12.0.3000) Nero ControlCenter (x32 Version: 11.0.15200) Nero ControlCenter Help (CHM) (x32 Version: 12.0.5000) Nero Core Components (x32 Version: 11.0.18100) Nero Disc Menus Basic (x32 Version: 12.0.11500) Nero Effects Basic (x32 Version: 12.0.11500) Nero Express (x32 Version: 12.0.20000) Nero Express Help (CHM) (x32 Version: 12.0.5000) Nero Installer (x32 Version: 4.4.9.0) Nero Kwik Media (x32 Version: 1.18.18500) Nero Kwik Media (x32 
Version: 12.0.01300) Nero Kwik Media Help (CHM) (x32 Version: 12.0.4000) Nero Kwik Themes Basic (x32 Version: 12.0.11500) Nero PiP Effects Basic (x32 Version: 12.0.11500) Nero Recode (x32 Version: 12.0.24000) Nero Recode Help (CHM) (x32 Version: 12.0.4000) Nero RescueAgent (x32 Version: 12.0.9000) Nero RescueAgent Help (CHM) (x32 Version: 12.0.3000) Nero SharedVideoCodecs (x32 Version: 1.0.12100.2.0) Nero Update (x32 Version: 11.0.11800.31.0) Nero Video (x32 Version: 12.0.3000) Nero Video Help (CHM) (x32 Version: 12.0.4000) neroxml (x32 Version: 1.0.0) NHL06 (x32) Office-Bibliothek (x32 Version: 5.01) PDFCreator (x32 Version: 1.5.0) PDF-Viewer (Version: 2.5.205.0) Picasa 3 (x32 Version: 3.9) Prerequisite installer (x32 Version: 12.0.0002) QLBCASL (x32 Version: 6.40.17.2) QuickTime (x32 Version: 7.74.80.86) Recuva (Version: 1.42) Remotedesktopverbindung (x32 Version: 5.1.2600.2180) SCR3xxx Smart Card Reader (x32 Version: 8.35) Secunia PSI (3.0.0.6005) (x32 Version: 3.0.0.6005) Security Task Manager 1.8d (x32 Version: 1.8d) Shotty - Kleines aber eindrucksvolles Screenshot Tool (Version: 2.0.2.216) Skype™ 6.3 (x32 Version: 6.3.107) SlimDrivers (x32 Version: 2.2.28413) SmarTerm (x32 Version: 13.0.0) SPG-Verein 3.0 (x32 Version: 3.0.4) Synaptics Pointing Device Driver (Version: 15.0.24.0) TeamViewer 7 (x32 Version: 7.0.14484) TweetDeck (x32 Version: 1.5.3) Ultr@VNC Release 1.0.0 RC 18 - Win32 (x32 Version: 1.0018) UltraVNC 1.0.9.1 (x32 Version: 1.0.9.1) Uninstall 1.0.0.1 (x32) Update for 2007 Microsoft Office System (KB967642) (x32) Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1) Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (x32) Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition (x32) Update for Microsoft Office 2007 suites (KB2596802) 
32-Bit Edition (x32) Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition (x32) Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition (x32) Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (x32) Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (x32) Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2817327) 32-Bit Edition (x32) Update für Microsoft Office Excel 2007 Help (KB963678) (x32) Update für Microsoft Office Outlook 2007 Help (KB963677) (x32) Update für Microsoft Office Powerpoint 2007 Help (KB963669) (x32) Update für Microsoft Office Word 2007 Help (KB963665) (x32) VC80CRTRedist - 8.0.50727.4053 (x32 Version: 1.1.0) VD64Inst (Version: 1.00.0000) VLC media player 2.0.2 (x32 Version: 2.0.2) Welcome App (Start-up experience) (x32 Version: 12.0.14000) Windows Driver Package - Garmin (grmnusb) GARMIN Devices (04/19/2012 2.3.1.0) (Version: 04/19/2012 2.3.1.0) Windows Media Center Add-in for Silverlight (x32 Version: 4.7.3.0) Windows Media Player Firefox Plugin (x32 Version: 1.0.0.8) WinRAR 4.01 (64-bit) (Version: 4.01.0) ==================== Restore Points ========================= Could not list Restore Points. ==================== Hosts content: ========================== 2009-07-14 04:34 - 2012-08-16 12:47 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts 127.0.0.1 localhost ==================== Scheduled Tasks (whitelisted) ============= Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => ? Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => ? Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => ? 
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1284297116-794809632-3988175124-1000Core.job => C:\Users\Christian\AppData\Local\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1284297116-794809632-3988175124-1000UA.job => C:\Users\Christian\AppData\Local\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\SlimDrivers Startup.job => ? ==================== Faulty Device Manager Devices ============= Name: AuthenTec Inc. AES2810 Description: AuthenTec Inc. AES2810 Class Guid: {53d29ef7-377c-4d14-864b-eb3a85769359} Manufacturer: AuthenTec Service: ATSwpWDF Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. Name: Microsoft Virtual WiFi Miniport Adapter Description: Microsoft Virtual WiFi Miniport Adapter Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Microsoft Service: vwifimp Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31) Resolution: Update the driver Name: Shrew Soft Lightweight Filter Description: Shrew Soft Lightweight Filter Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1} Manufacturer: Service: vflt Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24) Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed. Devices stay in this state if they have been prepared for removal. After you remove the device, this error disappears.Remove the device, and this error should be resolved. ==================== Event log errors: ========================= Application errors: ================== Error: (07/04/2013 09:58:04 AM) (Source: Avira Antivirus) (User: NT AUTHORITY) Description: Das Update von R187129 (169.254.152.231) ist fehlgeschlagen. 
Während des Herunterladens ist ein Fehler aufgetreten. . Es wurden keine neuen Dateien geladen. Error: (07/03/2013 09:27:29 AM) (Source: Microsoft-Windows-LoadPerf) (User: NT AUTHORITY) Description: Unable to read the performance counter strings defined for the 007 language ID. The first DWORD in the Data section contains the Win32 error code. Error: (07/03/2013 09:27:29 AM) (Source: Microsoft-Windows-LoadPerf) (User: NT AUTHORITY) Description: Unable to read the performance counter strings defined for the 007 language ID. The first DWORD in the Data section contains the Win32 error code. Error: (07/03/2013 08:43:16 AM) (Source: Microsoft-Windows-LoadPerf) (User: NT AUTHORITY) Description: Unable to read the performance counter strings defined for the 007 language ID. The first DWORD in the Data section contains the Win32 error code. Error: (07/03/2013 08:43:16 AM) (Source: Microsoft-Windows-LoadPerf) (User: NT AUTHORITY) Description: Unable to read the performance counter strings defined for the 007 language ID. The first DWORD in the Data section contains the Win32 error code. Error: (07/02/2013 08:42:44 AM) (Source: Microsoft-Windows-LoadPerf) (User: NT AUTHORITY) Description: Unable to read the performance counter strings defined for the 007 language ID. The first DWORD in the Data section contains the Win32 error code. Error: (07/02/2013 08:42:44 AM) (Source: Microsoft-Windows-LoadPerf) (User: NT AUTHORITY) Description: Unable to read the performance counter strings defined for the 007 language ID. The first DWORD in the Data section contains the Win32 error code. Error: (06/28/2013 08:42:27 AM) (Source: Microsoft-Windows-LoadPerf) (User: NT AUTHORITY) Description: Unable to read the performance counter strings defined for the 007 language ID. The first DWORD in the Data section contains the Win32 error code. 
Error: (06/28/2013 08:42:27 AM) (Source: Microsoft-Windows-LoadPerf) (User: NT AUTHORITY) Description: Unable to read the performance counter strings defined for the 007 language ID. The first DWORD in the Data section contains the Win32 error code. Error: (06/27/2013 08:53:16 AM) (Source: Microsoft-Windows-LoadPerf) (User: NT AUTHORITY) Description: Unable to read the performance counter strings defined for the 007 language ID. The first DWORD in the Data section contains the Win32 error code. System errors: ============= Error: (07/04/2013 02:51:14 PM) (Source: NetBT) (User: ) Description: A duplicate name has been detected on the TCP network. The IP address of the computer that sent the message is in the data. Use nbtstat -n in a command window to see which name is in the Conflict state. Error: (07/04/2013 02:33:18 PM) (Source: DCOM) (User: ) Description: {4991D34B-80A1-4291-83B6-3328366B9097} Error: (07/04/2013 02:32:48 PM) (Source: Service Control Manager) (User: ) Description: The Background Intelligent Transfer Service service terminated with the following error: %%2 Error: (07/04/2013 02:32:48 PM) (Source: DCOM) (User: ) Description: {03CA98D6-FF5D-49B8-ABC6-03DD84127020} Error: (07/04/2013 02:32:18 PM) (Source: Service Control Manager) (User: ) Description: The Background Intelligent Transfer Service service terminated with the following error: %%2 Error: (07/04/2013 02:32:17 PM) (Source: DCOM) (User: ) Description: {659CDEA7-489E-11D9-A9CD-000D56965251} Error: (07/04/2013 02:31:47 PM) (Source: Service Control Manager) (User: ) Description: The Background Intelligent Transfer Service service terminated with the following error: %%2 Error: (07/04/2013 02:31:37 PM) (Source: WMPNetworkSvc) (User: ) Description: WMPNetworkSvc0x80004005 Error: (07/04/2013 02:29:05 PM) (Source: Service Control Manager) (User: ) Description: The WinHTTP Web Proxy Auto-Discovery Service service depends the following service: Dhcp. This service might not be installed. 
Error: (07/04/2013 02:29:00 PM) (Source: Service Control Manager) (User: ) Description: The following boot-start or system-start driver(s) failed to load: vflt Microsoft Office Sessions: ========================= Error: (06/13/2013 04:24:26 PM) (Source: Microsoft Office 12 Sessions)(User: ) Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 27085 seconds with 2220 seconds of active time. This session ended with a crash. Error: (05/23/2013 01:02:46 PM) (Source: Microsoft Office 12 Sessions)(User: ) Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 14968 seconds with 4380 seconds of active time. This session ended with a crash. Error: (05/17/2013 10:18:36 AM) (Source: Microsoft Office 12 Sessions)(User: ) Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6665.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 5 seconds with 0 seconds of active time. This session ended with a crash. Error: (04/18/2013 11:47:44 AM) (Source: Microsoft Office 12 Sessions)(User: ) Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6665.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 7552 seconds with 180 seconds of active time. This session ended with a crash. Error: (04/09/2013 11:17:56 AM) (Source: Microsoft Office 12 Sessions)(User: ) Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 4615 seconds with 1440 seconds of active time. This session ended with a crash. 
Error: (03/26/2013 00:39:21 PM) (Source: Microsoft Office 12 Sessions)(User: ) Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 9071 seconds with 2640 seconds of active time. This session ended with a crash. Error: (03/25/2013 06:52:40 PM) (Source: Microsoft Office 12 Sessions)(User: ) Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 34329 seconds with 6780 seconds of active time. This session ended with a crash. Error: (03/05/2013 07:48:00 PM) (Source: Microsoft Office 12 Sessions)(User: ) Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6665.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 133 seconds with 0 seconds of active time. This session ended with a crash. Error: (02/21/2013 07:14:30 PM) (Source: Microsoft Office 12 Sessions)(User: ) Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6665.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 8 seconds with 0 seconds of active time. This session ended with a crash. Error: (02/12/2013 01:23:48 PM) (Source: Microsoft Office 12 Sessions)(User: ) Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6665.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 155 seconds with 60 seconds of active time. This session ended with a crash. CodeIntegrity Errors: =================================== Date: 2013-07-04 14:28:30.641 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\vfilter.sys because file hash could not be found on the system. 
A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2013-07-04 14:28:30.110 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\vfilter.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2013-07-04 10:00:20.435 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\vfilter.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2013-07-04 10:00:19.936 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\vfilter.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2013-07-04 09:52:05.485 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\vfilter.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2013-07-04 09:52:04.986 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\vfilter.sys because file hash could not be found on the system. 
A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2013-07-03 09:20:56.433 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\vfilter.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2013-07-03 09:20:55.950 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\vfilter.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2013-07-03 08:35:46.224 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\vfilter.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2013-07-03 08:35:45.693 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\vfilter.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. 
==================== Memory info =========================== Percentage of memory in use: 59% Total physical RAM: 3836.87 MB Available physical RAM: 1560.99 MB Total Pagefile: 7671.92 MB Available Pagefile: 5175.84 MB Total Virtual: 8192 MB Available Virtual: 8191.8 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:232.88 GB) (Free:65.68 GB) NTFS (Disk=0 Partition=1) ==>[System with boot components (obtained from reading drive)] Drive x: () (Network) (Total:463.7 GB) (Free:266.09 GB) NTFS ==================== MBR & Partition Table ================== ==================== End Of Log ============================ |
04.07.2013, 19:31 | #6 | |
/// the machine /// TB trainer | Avira finds Trojan horse TR/Kazy.169263.1 Combofix should only be run when a team member has instructed you to do so! Please download Combofix from the following download mirror: Link 1 IMPORTANT - Save Combofix to your desktop
When Combofix has finished, it will create a log file. Please post C:\Combofix.txt in your next reply. Note: Should you receive the following error message after the restart Quote:
__________________ --> Avira finds Trojan horse TR/Kazy.169263.1 |
05.07.2013, 09:14 | #7 |
| Avira finds Trojan horse TR/Kazy.169263.1 Here is the report: Code:
ATTFilter ComboFix 13-07-04.01 - Christian_2 05.07.2013 8:47.5.2 - x64 Microsoft Windows 7 Professional 6.1.7601.1.1252.49.1033.18.3837.1868 [GMT 2:00] ausgeführt von:: c:\users\Christian\Desktop\ComboFix.exe AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C} SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . . ((((((((((((((((((((((((((((((((((((((( Treiber/Dienste ))))))))))))))))))))))))))))))))))))))))))))))))) . . -------\Service_uvnc_service . . ((((((((((((((((((((((( Dateien erstellt von 2013-06-05 bis 2013-07-05 )))))))))))))))))))))))))))))) . . 2013-07-05 07:00 . 2013-07-05 07:07 -------- d-----w- c:\users\Christian_2\AppData\Local\temp 2013-07-05 07:00 . 2013-07-05 07:00 -------- d-----w- c:\users\Public\AppData\Local\temp 2013-07-05 07:00 . 2013-07-05 07:00 -------- d-----w- c:\users\Default\AppData\Local\temp 2013-07-05 07:00 . 2013-07-05 07:00 -------- d-----w- c:\users\AppData\AppData\Local\temp 2013-07-04 12:59 . 2013-07-04 12:59 -------- d-----w- C:\FRST 2013-07-04 12:24 . 2013-07-04 12:24 -------- d-----w- c:\users\Christian_2\AppData\Local\Google 2013-07-03 08:03 . 2013-06-09 19:59 216064 ----a-w- c:\windows\SysWow64\gcapi_dll.dll 2013-07-03 08:03 . 2013-07-03 08:03 -------- d-----w- c:\program files (x86)\Foxit Software 2013-07-03 06:38 . 2013-07-03 06:38 -------- d-----w- c:\program files (x86)\LogMeIn Hamachi 2013-07-02 06:45 . 2013-06-12 03:08 9552976 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\{EBCCB0B2-AD21-4165-AF7D-3C79B1489E45}\mpengine.dll ERROR(0x00000005) 2013-06-20 13:34 . 2013-06-20 13:34 -------- d-----w- c:\program files\iPod 2013-06-20 13:34 . 2013-06-20 13:35 -------- d-----w- c:\program files\iTunes 2013-06-12 06:48 . 
2013-04-25 23:30 1505280 ----a-w- c:\windows\SysWow64\d3d11.dll 2013-06-12 06:48 . 2013-03-31 22:52 1887232 ----a-w- c:\windows\system32\d3d11.dll . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2013-07-05 07:07 . 2013-04-29 10:24 16152 ----a-w- c:\windows\system32\drivers\SWDUMon.sys 2013-06-12 07:53 . 2012-04-13 16:40 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2013-06-12 07:53 . 2011-03-17 07:42 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2013-06-12 03:08 . 2009-11-27 12:43 9552976 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll ERROR(0x00000005) 2013-05-02 00:06 . 2009-11-24 14:11 278800 ------w- c:\windows\system32\MpSigStub.exe 2013-05-01 01:59 . 2013-05-01 01:59 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx 2013-05-01 01:59 . 2013-05-01 01:59 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts 2013-04-29 11:27 . 2009-11-24 14:45 6656 ----a-w- c:\windows\system32\bcmwlrc.dll 2013-04-29 11:27 . 2009-11-24 14:45 95544 ----a-w- c:\windows\system32\bcmwlcoi.dll 2013-04-29 11:27 . 2009-11-24 14:45 3617792 ----a-w- c:\windows\system32\bcmihvui64.dll 2013-04-29 11:27 . 2009-11-24 14:45 4747328 ----a-w- c:\windows\system32\drivers\BCMWL664.SYS 2013-04-29 11:27 . 2009-11-24 14:45 3952640 ----a-w- c:\windows\system32\bcmihvsrv64.dll 2013-04-29 10:42 . 2013-04-29 10:43 311200 ----a-w- c:\windows\system32\javaws.exe 2013-04-29 10:42 . 2013-04-29 10:43 188832 ----a-w- c:\windows\system32\javaw.exe 2013-04-29 10:42 . 2013-04-29 10:43 188320 ----a-w- c:\windows\system32\java.exe 2013-04-29 10:42 . 2013-04-29 10:43 108448 ----a-w- c:\windows\system32\WindowsAccessBridge-64.dll 2013-04-29 10:42 . 2012-08-31 07:31 1092512 ----a-w- c:\windows\system32\npDeployJava1.dll 2013-04-29 10:42 . 2010-08-23 10:35 971680 ----a-w- c:\windows\system32\deployJava1.dll 2013-04-17 14:33 . 
2013-04-17 14:33 95648 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll 2013-04-17 14:33 . 2012-07-27 06:32 866720 ----a-w- c:\windows\SysWow64\npDeployJava1.dll 2013-04-17 14:33 . 2010-05-17 06:54 788896 ----a-w- c:\windows\SysWow64\deployJava1.dll 2013-04-13 05:49 . 2013-05-15 06:54 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll 2013-04-13 05:49 . 2013-05-15 06:54 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll 2013-04-13 05:49 . 2013-05-15 06:54 308736 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll 2013-04-13 05:49 . 2013-05-15 06:54 111104 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll 2013-04-13 04:45 . 2013-05-15 06:54 474624 ----a-w- c:\windows\apppatch\AcSpecfc.dll 2013-04-13 04:45 . 2013-05-15 06:54 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll 2013-04-12 14:45 . 2013-04-24 09:54 1656680 ----a-w- c:\windows\system32\drivers\ntfs.sys 2013-04-10 06:01 . 2013-05-15 06:55 265064 ----a-w- c:\windows\system32\drivers\dxgmms1.sys 2013-04-10 06:01 . 2013-05-15 06:55 983400 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys 2013-04-10 03:30 . 2013-05-15 06:54 3153920 ----a-w- c:\windows\system32\win32k.sys . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "SoundMAXPnP"="c:\program files (x86)\Analog Devices\Core\smax4pnp.exe" [2009-05-18 1314816] "AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-09-27 59240] "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-21 59720] "avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2012-08-09 348664] "DR-C125 CaptureOnTouch"="c:\program files (x86)\Canon Electronics\DRC125\TouchDR.exe" [2011-10-17 942080] "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-05-31 152392] "LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2013-06-28 2255184] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) "EnableLinkedConnections"= 1 (0x1) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows] "LoadAppInit_DLLs"=1 (0x1) "AppInit_DLLs"=c:\progra~2\HEWLET~1\IAM\Bin\APSHook.dll . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] @="Driver" . 
R1 vflt;Shrew Soft Lightweight Filter;c:\windows\system32\DRIVERS\vfilter.sys;c:\windows\SYSNATIVE\DRIVERS\vfilter.sys [x] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x] R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x] R3 ATSwpWDF;AuthenTec TruePrint USB WDF Driver;c:\windows\system32\Drivers\ATSwpWDF.sys;c:\windows\SYSNATIVE\Drivers\ATSwpWDF.sys [x] R3 Com4QLBEx;Com4QLBEx;c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe;c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [x] R3 HP ProtectTools Service;HP ProtectTools Service;c:\program files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\PTChangeFilterService.exe;c:\program files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\PTChangeFilterService.exe [x] R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl64.sys;c:\windows\SYSNATIVE\DRIVERS\netaapl64.sys [x] R3 pcouffin;VSO Software pcouffin;c:\windows\system32\Drivers\pcouffin.sys;c:\windows\SYSNATIVE\Drivers\pcouffin.sys [x] R3 SWDUMon;SWDUMon;c:\windows\system32\DRIVERS\SWDUMon.sys;c:\windows\SYSNATIVE\DRIVERS\SWDUMon.sys [x] R3 TridVid;USB TV Tuner;c:\windows\system32\DRIVERS\tridvid6010.sys;c:\windows\SYSNATIVE\DRIVERS\tridvid6010.sys [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x] R3 UDXTTM6000;DTV-DVB UDXTTM6000 - USB 2.0 Receiver;c:\windows\system32\Drivers\UDXTTM6000.sys;c:\windows\SYSNATIVE\Drivers\UDXTTM6000.sys [x] R3 UDXTTM6000HID;UDXTTM6000HID - HID Driver;c:\windows\system32\drivers\UDXTTM6000HID.sys;c:\windows\SYSNATIVE\drivers\UDXTTM6000HID.sys [x] R3 USBAAPL64;Apple Mobile USB 
Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x] R3 vnet;Shrew Soft Virtual Adapter;c:\windows\system32\DRIVERS\virtualnet.sys;c:\windows\SYSNATIVE\DRIVERS\virtualnet.sys [x] R4 ATService;AuthenTec Fingerprint Service;c:\program files\Fingerprint Sensor\ATService.exe;c:\program files\Fingerprint Sensor\ATService.exe [x] R4 Prosieben;maxdome Download Manager;c:\program files (x86)\maxdome\DCBin\DCService.exe;c:\program files (x86)\maxdome\DCBin\DCService.exe [x] R4 sptd;sptd;c:\windows\System32\Drivers\sptd.sys;c:\windows\SYSNATIVE\Drivers\sptd.sys [x] S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys;c:\windows\SYSNATIVE\DRIVERS\avkmgr.sys [x] S2 ac.sharedstore;ActivIdentity Shared Store Service;c:\program files\Common Files\ActivIdentity\ac.sharedstore.exe;c:\program files\Common Files\ActivIdentity\ac.sharedstore.exe [x] S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x] S2 AntiVirMailService;Avira Email Schutz;c:\program files (x86)\Avira\AntiVir Desktop\avmailc.exe;c:\program files (x86)\Avira\AntiVir Desktop\avmailc.exe [x] S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [x] S2 AntiVirWebService;Avira Browser Schutz;c:\program files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE;c:\program files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [x] S2 ASBroker;Logon Session Broker;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x] S2 ASChannel;Lokaler Verbindungskanal;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x] S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [x] S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe;c:\windows\SYSNATIVE\Hpservice.exe [x] S2 IGDCTRL;AVM IGD CTRL Service;c:\program 
files (x86)\FRITZ!DSL\IGDCTRL.EXE;c:\program files (x86)\FRITZ!DSL\IGDCTRL.EXE [x] S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x] S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe;c:\program files (x86)\Nero\Update\NASvc.exe [x] S2 Secunia PSI Agent;Secunia PSI Agent;c:\program files (x86)\Secunia\PSI\PSIA.exe;c:\program files (x86)\Secunia\PSI\PSIA.exe [x] S2 Secunia Update Agent;Secunia Update Agent;c:\program files (x86)\Secunia\PSI\sua.exe;c:\program files (x86)\Secunia\PSI\sua.exe [x] S2 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [x] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x] S3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys;c:\windows\SYSNATIVE\DRIVERS\point64.sys [x] S3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf_amd64.sys;c:\windows\SYSNATIVE\DRIVERS\psi_mf_amd64.sys [x] . . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost] Cognizance REG_MULTI_SZ ASBroker Bioscrypt REG_MULTI_SZ ASChannel . Inhalt des "geplante Tasks" Ordners . 2013-07-05 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-13 07:53] . 2013-05-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-23 15:05] . 2013-05-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-23 15:05] . 2013-07-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1284297116-794809632-3988175124-1000Core.job - c:\users\Christian\AppData\Local\Google\Update\GoogleUpdate.exe [2011-04-27 12:02] . 
2013-07-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1284297116-794809632-3988175124-1000UA.job - c:\users\Christian\AppData\Local\Google\Update\GoogleUpdate.exe [2011-04-27 12:02] . 2013-07-05 c:\windows\Tasks\SlimDrivers Startup.job - c:\program files (x86)\SlimDrivers\SlimDrivers.exe [2013-03-29 14:22] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU] "CANON DR-C125 SVC"="DRDcSvc.dll" [2011-07-12 119296] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "AppInit_DLLs"=c:\progra~2\HEWLET~1\IAM\Bin\APSHook64.dll c:\progra~2\HEWLET~1\IAM\Bin\APSHook64.dll c:\progra~2\HEWLET~1\IAM\Bin\APSHook64.dll c:\progra~2\HEWLET~1\IAM\Bin\APSHook64.dll c:\progra~2\HEWLET~1\IAM\Bin\APSHook64.dll . ------- Zusätzlicher Suchlauf ------- . uLocal Page = c:\windows\system32\blank.htm mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = *.local IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 LSP: c:\program files (x86)\Avira\AntiVir Desktop\avsda.dll TCP: DhcpNameServer = 192.168.1.254 TCP: Interfaces\{29218194-1DAD-4B03-A7BE-82EEA883C6EE}: NameServer = 192.168.1.254 TCP: Interfaces\{C8856292-F24E-4915-BAD7-ED4B5793B309}: NameServer = 192.168.1.254 FF - ProfilePath - c:\users\Christian_2\AppData\Roaming\Mozilla\Firefox\Profiles\6nvhg61q.default\ . - - - - Entfernte verwaiste Registrierungseinträge - - - - . 
c:\users\Christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk - c:\users\Christian_2\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start ShellIconOverlayIdentifiers-{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} - (no file) ShellIconOverlayIdentifiers-{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} - (no file) ShellIconOverlayIdentifiers-{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} - (no file) ShellIconOverlayIdentifiers-{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} - (no file) AddRemove-ElsterFormular 13.1.0.8394p - c:\programdata\elsterformular\setup\uninstall.exe . . . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\Prosieben] "ImagePath"="\"c:\program files (x86)\maxdome\DCBin\DCService.exe\" /accountid:Prosieben" . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{2F2ED127-9180-E0E9-DD82A3EA97D23C2D}\{BC7AD397-E62C-4E1A-5A858785C5B4F8B7}\{1CB4FE78-537A-1AF0-DBD366375A0DFAF2}*] "AM6FPN5EWURMVLO6FVTISKWF1F1"=hex:01,00,01,00,00,00,00,00,ec,ec,44,d1,3b,e1,ed, ef,35,81,92,71,e8,29,5a,84,14,35,16,70,d8,6e,ff,61 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{E20DD46F-0CC4-5960-1B1F69E13D145F9C}\{B130274E-D0E8-282B-E7F07B1EE1210709}\{71D795F0-66AF-00D6-EF71DCAC5CDD95C3}*] "UFBX6Y5AHC6I2K63MVSK2YA1ZE1"=hex:01,00,01,00,00,00,00,00,bc,09,02,36,3f,bc,b3, f9,35,81,92,71,e8,29,5a,84,14,35,16,70,d8,6e,ff,61 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{F16633BB-6FFB-FEEF-6851EE4CF61ADAA7}\{8DE0EF13-9AB8-84BF-28848AB6F741F092}\{2912CDF2-3190-D0FE-95FF87CEE55A8F74}*] "UFBX6Y5AHC6I2K63MVSK2YA1ZE1"=hex:01,00,01,00,00,00,00,00,bc,09,02,36,3f,bc,b3, f9,35,81,92,71,e8,29,5a,84,14,35,16,70,d8,6e,ff,61 . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 "MSCurrentCountry"=dword:000000b5 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Weitere laufende Prozesse ------------------------ . c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe c:\program files (x86)\Esker\Common\eslcbcst.exe c:\program files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe c:\program files (x86)\Hewlett-Packard\IAM\Bin\AsGHost.exe . ************************************************************************** . Zeit der Fertigstellung: 2013-07-05 09:15:45 - PC wurde neu gestartet ComboFix-quarantined-files.txt 2013-07-05 07:15 ComboFix2.txt 2012-08-16 13:25 ComboFix3.txt 2012-08-09 07:57 ComboFix4.txt 2011-02-11 21:10 ComboFix5.txt 2013-07-05 06:42 . 
Vor Suchlauf: 70.860.173.312 bytes free Nach Suchlauf: 70.795.386.880 bytes free . - - End Of File - - 5E5CB3926FECAD769A7B757F98668AC3 A36C5E4F47E84449FF07ED3517B43A31 |
05.07.2013, 09:42 | #8 |
/// the machine /// TB trainer | Avira finds Trojan horse TR/Kazy.169263.1 Please download AdwCleaner to your desktop.
Please close your security software to avoid possible conflicts.
And a fresh FRST log, please.
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 No help via PM! |
05.07.2013, 11:16 | #9 |
| Avira finds Trojan horse TR/Kazy.169263.1 Junkware Removal Tool: FRST is coming shortly Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.9.4 (05.06.2013:1)
OS: Windows 7 Professional x64
Ran by Christian_2 on 05.07.2013 at 12:22:19,21
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
~~~ Registry Keys
~~~ Files
Successfully deleted: [File] "C:\chromehplog.txt"
~~~ Folders
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 05.07.2013 at 12:29:01,35
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Code:
ATTFilter # AdwCleaner v2.304 - Logfile created 07/05/2013 at 12:06:56 # Updated 03/07/2013 by Xplode # Operating system : Windows 7 Professional Service Pack 1 (64 bits) # User : Christian_2 - R187129 # Boot Mode : Normal # Running from : C:\Users\Christian\Downloads\adwcleaner.exe # Option [Delete] ***** [Services] ***** ***** [Files / Folders] ***** File Deleted : C:\Program Files (x86)\Mozilla Firefox\defaults\pref\all-iminent.js File Deleted : C:\Windows\SysWOW64\conduitEngine.tmp Folder Deleted : C:\Program Files (x86)\Common Files\DVDVideoSoft\TB Folder Deleted : C:\Program Files (x86)\Iminent Folder Deleted : C:\ProgramData\Iminent Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Iminent Folder Deleted : C:\ProgramData\Tarma Installer Folder Deleted : C:\Users\Christian\AppData\Local\PackageAware Folder Deleted : C:\Users\Christian\AppData\LocalLow\boost_interprocess Folder Deleted : C:\Users\Christian\AppData\Roaming\dvdvideosoftiehelpers Folder Deleted : C:\Users\Christian\AppData\Roaming\Iminent Folder Deleted : C:\Users\Christian\AppData\Roaming\pdfforge Folder Deleted : C:\Users\Christian\AppData\Roaming\software4u Folder Deleted : C:\Users\Christian_2\AppData\Local\Google\Chrome\User Data\Default\Extensions\igdhbblpcellaljokkpfhcjlagemhgjl Folder Deleted : C:\Users\Christian_2\AppData\Roaming\Iminent Folder Deleted : C:\Users\Christian_2\AppData\Roaming\pdfforge Folder Deleted : C:\Windows\Installer\{A6E71E28-43CB-423E-B415-B7C00D77902E} ***** [Registry] ***** Key Deleted : HKCU\Software\APN PIP Key Deleted : HKCU\Software\Iminent Key Deleted : HKCU\Software\InstallCore Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A} Key Deleted : HKLM\SOFTWARE\Classes\AppID\{01994268-3C10-4044-A1EA-7A9C1B739A11} Key Deleted : 
HKLM\SOFTWARE\Classes\AppID\Iminent.WebBooster.InternetExplorer.DLL Key Deleted : HKLM\SOFTWARE\Classes\Iminent Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Business.Tinyfying.DownloadArgs Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Business.Tinyfying.LinkToPromoteArgs Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Business.Tinyfying.RawDataArgs Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Business.Tinyfying.TinyUrlArgs Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Business.Tinyfying.ViralLinkArgs Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.ClientCallback Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.ContractBase Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.AddToUserContentCommand Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.CheckLoginStatusCommand Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.CleanCacheCommand Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.GameOverCallback Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.GetCreditCommand Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.GetInstallationContextCommand Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.GetLoginStatusCommand Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.GetLoginStatusResult Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.GetVariableCommand Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.GetVariableResult Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.InstallationContextResult Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.LoadContentCommand Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.LoadContentCommandResult Key 
Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.LoginCommand Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.LoginStatusChangedCallback Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.LogoutCommand Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.MergeIdentityCommand Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.MyAccountCommand Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.PlayContentCommand Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.PostContentCallback Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.RecycleViewsCommand Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.SetVariableCommand Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.ShowBrowserWindowCommand Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.ShowControlCenterCommand Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.ShowPluginWindowCommand Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.TestContentCommand Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.UserContentChangedCallback Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.VariableChangedCallback Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.WarmUpCommand Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.WelcomeCommand Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.ServerCommand Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.ServerResult Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.LightContent Key Deleted : 
HKLM\SOFTWARE\Classes\Iminent.Mediator.LightUri Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.MediatorServiceProxy Key Deleted : HKLM\SOFTWARE\Classes\IminentWebBooster.ActiveContentHandle.1 Key Deleted : HKLM\SOFTWARE\Classes\IminentWebBooster.ActiveContentHandler Key Deleted : HKLM\SOFTWARE\Classes\IminentWebBooster.BrowserHelperObject Key Deleted : HKLM\SOFTWARE\Classes\IminentWebBooster.BrowserHelperObject.1 Key Deleted : HKLM\SOFTWARE\Classes\IminentWebBooster.ScriptExtender Key Deleted : HKLM\SOFTWARE\Classes\IminentWebBooster.ScriptExtender.1 Key Deleted : HKLM\SOFTWARE\Classes\IminentWebBooster.TinyUrlHandler Key Deleted : HKLM\SOFTWARE\Classes\IminentWebBooster.TinyUrlHandler.1 Key Deleted : HKLM\Software\Classes\Installer\Features\82E17E6ABC34E3244B517B0CD07709E2 Key Deleted : HKLM\Software\Classes\Installer\Products\82E17E6ABC34E3244B517B0CD07709E2 Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{2BF2028E-3F3C-4C05-AB45-B2F1DCFE0759} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{A9CAF365-EA35-45DA-BD8B-2EFA09D374AC} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{DB538320-D3C5-433C-BCA9-C4081A054FCF} Key Deleted : HKLM\Software\Iminent Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASAPI32 Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASMANCS Key Deleted : HKLM\Software\PIP Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{01A602A0-D0B9-445B-8081-719E4177C4A7} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{02054E11-5113-4BE3-8153-AA8DFB5D3761} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{02C9C7B0-C7C8-4AAC-A9E4-55295BF60F8F} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{0398B101-6DA7-473F-A290-17D2FBC88CC0} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{0CC36196-8589-4B80-A771-D659411D7F90} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{143D96F9-EB64-48B3-B192-91C2C41A1F43} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{14F7D91F-F669-45C9-9F42-BACBFDB86EAD} Key Deleted : 
HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\igdhbblpcellaljokkpfhcjlagemhgjl Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{0AF350D9-3916-454B-AC53-0B0B65F41301} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68B81CCD-A80C-4060-8947-5AE69ED01199} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E6B969FB-6D33-48D2-9061-8BBD4899EB08} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{A6E71E28-43CB-423E-B415-B7C00D77902E} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\IMBoosterARP Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\SearchTheWebARP Key Deleted : HKLM\SOFTWARE\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065} Key Deleted : 
HKLM\SOFTWARE\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{ACA608DB-A210-4253-B799-3FD24E9A7BF5} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C} Key Deleted : 
HKLM\SOFTWARE\Classes\Interface\{C58D664A-3DBC-4925-AE74-0382007DF113}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C776D7F4-BA85-4B75-AAFC-3A0A11FE6E36}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7}
Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [webbooster@iminent.com]

***** [Internet Browsers] *****

-\\ Internet Explorer v10.0.9200.16618

[OK] Registry is clean.

-\\ Mozilla Firefox v15.0 (de)

File : C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\hmnn1dq1.default\prefs.js

[OK] File is clean.

File : C:\Users\Christian_2\AppData\Roaming\Mozilla\Firefox\Profiles\6nvhg61q.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v [Unable to get version]

File : C:\Users\Christian\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

File : C:\Users\Christian_2\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [1320 octets] - [02/08/2012 10:59:40]
AdwCleaner[S1].txt - [1344 octets] - [03/08/2012 14:28:33]
AdwCleaner[S2].txt - [22052 octets] - [05/07/2013 12:06:56]

########## EOF - \AdwCleaner[S2].txt - [22113 octets] ##########

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 04-07-2013
Ran by Christian (ATTENTION: The logged in user is not administrator) on 05-07-2013 12:51:45
Running from C:\Users\Christian\Downloads
Windows 7 Professional Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(Bioscrypt Inc.) C:\Program Files (x86)\Hewlett-Packard\IAM\Bin\AsGHost.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(hxxp://shotty.devs-on.net) C:\Program Files\Shotty\Shotty.exe
(Macrovision Corporation) C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe
(Analog Devices, Inc.) C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Canon Electronics Inc.) C:\Program Files (x86)\Canon Electronics\DRC125\TouchDR.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
(Esker S. A.) C:\Program Files (x86)\Esker\SmarTerm\STOFFICE.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Google Inc.) C:\Users\Christian\AppData\Local\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\mobsync.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [2174760 2010-06-04] (Synaptics Incorporated)
HKLM\...\Run: [CANON DR-C125 SVC] rundll32.exe DRDcSvc.dll,EntryPointUserMessage [x]
HKCU\...\Run: [Google Update] "C:\Users\Christian\AppData\Local\Google\Update\GoogleUpdate.exe" /c [136176 2010-10-19] (Google Inc.)
HKCU\...\Run: [Shotty] C:\Program Files\Shotty\Shotty.exe [724480 2012-02-24] (hxxp://shotty.devs-on.net)
HKCU\...\Run: [ISUSPM] "C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe" -scheduler [222128 2007-03-29] (Macrovision Corporation)
HKCU\...\Run: [ApplePhotoStreams] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [x]
HKCU\...\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [x]
HKCU\...\Policies\system: [disableregistrytools] 0
HKLM-x32\...\Run: [SoundMAXPnP] C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe [1314816 2009-05-18] (Analog Devices, Inc.)
HKLM-x32\...\Run: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [59240 2011-09-27] (Apple Inc.)
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min [348664 2012-08-09] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [DR-C125 CaptureOnTouch] "C:\Program Files (x86)\Canon Electronics\DRC125\TouchDR.exe" LOGON [942080 2011-10-17] (Canon Electronics Inc.)
HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [152392 2013-05-31] (Apple Inc.)
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start [2255184 2013-06-28] (LogMeIn Inc.)
AppInit_DLLs: C:\PROGRA~2\HEWLET~1\IAM\Bin\APSHook64.dll C:\PROGRA~2\HEWLET~1\IAM\Bin\APSHook64.dll C:\PROGRA~2\HEWLET~1\IAM\Bin\APSHook64.dll C:\PROGRA~2\HEWLET~1\IAM\Bin\APSHook64.dll C:\PROGRA~2\HEWLET~1\IAM\Bin\APSHook64.dll C:\PROGRA~2\HEWLET~1\IAM\bin\APSHOO~1.DLL [382224 2009-07-28] (Bioscrypt Inc.)
AppInit_DLLs-x32: C:\PROGRA~2\HEWLET~1\IAM\Bin\APSHook.dll [89872 2009-07-28] (Bioscrypt Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
URLSearchHook: (No Name) - {40c3cc16-7269-4b32-9531-17f2950fb06f} - No File
SearchScopes: HKCU - {928BF95A-0095-41F0-9C9C-2E5C7A96A451} URL = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&type=827316&p={searchTerms}
BHO: Credential Manager for HP ProtectTools - {0EA99306-BC87-4930-9E1D-1D1EA32A7E4E} - C:\Program Files (x86)\Hewlett-Packard\IAM\Bin\ItIEAddIn64.dll (Bioscrypt Inc.)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: DivX Plus Web Player HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
BHO-x32: DivX HiQ - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Credential Manager for HP ProtectTools - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - C:\Program Files (x86)\Hewlett-Packard\IAM\Bin\ItIEAddIn.dll (Bioscrypt Inc.)
Toolbar: HKCU - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
Toolbar: HKCU - No Name - {40C3CC16-7269-4B32-9531-17F2950FB06F} - No File
DPF: HKLM-x32 {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} hxxp://download.bitdefender.com/resources/scanner/sources/de/scan8/oscan8.cab
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
ShellExecuteHooks: - {AEB6717E-7E19-11d0-97EE-00C04FD91972} - No File [ ]
ShellExecuteHooks-x32: - {AEB6717E-7E19-11d0-97EE-00C04FD91972} - No File [ ]
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{29218194-1DAD-4B03-A7BE-82EEA883C6EE}: [NameServer]192.168.1.254
Tcpip\..\Interfaces\{C8856292-F24E-4915-BAD7-ED4B5793B309}: [NameServer]192.168.1.254

FireFox:
========
FF ProfilePath: C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\hmnn1dq1.default
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll ()
FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin: @java.com/DTPlugin,version=10.21.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.21.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @divx.com/DivX Browser Plugin,version=1.0.0 - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF Plugin-x32: @divx.com/DivX OVS Helper,version=1.0.0 - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf - C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf - C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.21.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.21.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @Nero.com/KM - C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL (Nero AG)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.2 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Christian\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Christian\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
FF Extension: DownloadHelper - C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\hmnn1dq1.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF HKLM-x32\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\html5video
FF Extension: DivX Plus Web Player HTML5 <video> - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\html5video
FF HKLM-x32\...\Firefox\Extensions: [{6904342A-8307-11DF-A508-4AE2DFD72085}] C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\wpa
FF Extension: DivX HiQ - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\wpa

Chrome:
=======
CHR Extension: (GrepoHandel) - C:\Users\Christian\AppData\Local\Google\Chrome\User Data\Default\Extensions\achfjibbmdooeehfabckogpgonhjgkfa\0.1_0
CHR Extension: (AT_VivienneWestwood) - C:\Users\Christian\AppData\Local\Google\Chrome\User Data\Default\Extensions\ahhehaklopgggapefjdijagkgbgeapkb\2_0
CHR Extension: (YouTube) - C:\Users\Christian\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Chrome YouTube Downloader) - C:\Users\Christian\AppData\Local\Google\Chrome\User Data\Default\Extensions\cbdjiinahkdjdcdlgfimlcolkjpbooja\2.6.15_0
CHR Extension: (grepokultur.user.js) - C:\Users\Christian\AppData\Local\Google\Chrome\User Data\Default\Extensions\ccfflcjnljpdomobfhknnhepdcjnkhob\1.0_0
CHR Extension: (Google Search) - C:\Users\Christian\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (DivX HiQ) - C:\Users\Christian\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnjbmmemklcjgepojigaapkoodmkgbae\2.1.0.900_0
CHR Extension: (Grepolis Gtio2.0Tools) - C:\Users\Christian\AppData\Local\Google\Chrome\User Data\Default\Extensions\hakcdajhnepchhadiplaljlhlpojifng\0.2.4_0
CHR Extension: (GrepoTownList) - C:\Users\Christian\AppData\Local\Google\Chrome\User Data\Default\Extensions\igjmjbchnmllbbcdaiiohbjcdapeback\0.5_0
CHR Extension: (Grepolis Gtio2.0Tools) - C:\Users\Christian\AppData\Local\Google\Chrome\User Data\Default\Extensions\kegbmfaeodbbmpaoglbngmclcjeopoif\0.2.4_0
CHR Extension: (DivX Plus Web Player HTML5 \u003Cvideo\u003E) - C:\Users\Christian\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.0.900_0
CHR Extension: (Gmail) - C:\Users\Christian\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1

==================== Services (Whitelisted) =================

R2 ac.sharedstore; C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe [277032 2009-06-03] (ActivIdentity)
R2 AEADIFilters; C:\Windows\system32\AEADISRV.EXE [111616 2008-07-15] (Andrea Electronics Corporation)
R2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe [375760 2012-05-14] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [86224 2012-05-14] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [110032 2012-05-14] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [465360 2012-05-14] (Avira Operations GmbH & Co. KG)
R2 ASBroker; C:\Program Files (x86)\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll [192784 2009-07-28] (Bioscrypt Inc.)
R2 ASChannel; C:\Program Files (x86)\Hewlett-Packard\IAM\Bin\AsChnl.dll [150288 2009-07-28] (Bioscrypt Inc.)
R2 EskerLicenseControl; C:\Program Files (x86)\Esker\Common\eslcbcst.exe [315479 2008-08-25] (Esker S.A.)
S3 HP ProtectTools Service; C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\PTChangeFilterService.exe [45056 2009-08-07] (Hewlett-Packard Development Company, L.P)
R2 IGDCTRL; C:\Program Files (x86)\FRITZ!DSL\IGDCTRL.EXE [87344 2007-09-04] (AVM Berlin)
R2 lmhosts; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [655944 2012-07-03] (Malwarebytes Corporation)
R2 NlaSvc; C:\Windows\System32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 nsi; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
S4 Prosieben; C:\Program Files (x86)\maxdome\DCBin\DCService.exe [77032 2009-05-01] (Entriq, Inc.)
R2 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1223704 2013-02-07] (Secunia)
R2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [660504 2013-02-07] (Secunia)
S2 RoxLiveShare9; "C:\Program Files (x86)\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe" [x]

==================== Drivers (Whitelisted) ====================

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [98848 2012-05-14] (Avira GmbH)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [132832 2012-05-14] (Avira GmbH)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [27760 2011-09-16] (Avira GmbH)
R3 HBtnKey; C:\Windows\System32\DRIVERS\cpqbttn.sys [19000 2010-02-25] (Hewlett-Packard Company)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [24904 2012-07-03] (Malwarebytes Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [24904 2012-07-03] (Malwarebytes Corporation)
R3 PSI; C:\Windows\System32\DRIVERS\psi_mf_amd64.sys [18456 2013-02-07] (Secunia)
S3 RimVSerPort; C:\Windows\System32\DRIVERS\RimSerial_AMD64.sys [31744 2009-01-09] (Research in Motion Ltd)
R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1875624 2008-10-09] ()
S4 sptd; C:\Windows\System32\Drivers\sptd.sys [503352 2010-09-17] (Duplex Secure Ltd.)
S3 SWDUMon; C:\Windows\System32\DRIVERS\SWDUMon.sys [16152 2013-07-05] ()
S3 TridVid; C:\Windows\System32\DRIVERS\tridvid6010.sys [404352 2010-07-13] (10Moons Technologies Co.,Ltd)
S3 UDXTTM6000; C:\Windows\System32\Drivers\UDXTTM6000.sys [365824 2007-02-28] ()
S3 UDXTTM6000HID; C:\Windows\System32\drivers\UDXTTM6000HID.sys [17920 2007-02-28] (DTV-DVB)
S3 catchme; \??\C:\ComboFix\catchme.sys [x]
U4 eabfiltr;
S3 RimUsb; System32\Drivers\RimUsb_AMD64.sys [x]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-07-05 12:22 - 2013-07-05 12:22 - 00000000 ____D C:\Windows\ERUNT
2013-07-05 12:21 - 2013-07-05 12:21 - 00545954 ____A (Oleg N. Scherbakov) C:\Users\Christian\Desktop\JRT.exe
2013-07-05 12:21 - 2013-07-05 12:21 - 00000000 ____D C:\JRT
2013-07-05 12:06 - 2013-07-05 12:07 - 00022089 ____A C:\AdwCleaner[S2].txt
2013-07-05 11:55 - 2013-07-05 11:55 - 00650027 ____A C:\Users\Christian\Downloads\adwcleaner.exe
2013-07-05 09:15 - 2013-07-05 09:15 - 00022501 ____A C:\ComboFix.txt
2013-07-05 08:38 - 2013-07-05 08:38 - 05085494 ____R (Swearware) C:\Users\Christian\Desktop\ComboFix.exe
2013-07-04 15:00 - 2013-07-04 15:01 - 00025855 ____A C:\Users\Christian\Downloads\Addition.txt
2013-07-04 14:59 - 2013-07-04 14:59 - 00000000 ____D C:\FRST
2013-07-04 14:58 - 2013-07-04 14:58 - 00095774 ____A C:\Users\Christian\Downloads\OTL.Txt
2013-07-04 14:53 - 2013-07-04 14:53 - 01934636 ____A (Farbar) C:\Users\Christian\Downloads\FRST64.exe
2013-07-04 14:33 - 2013-07-04 14:33 - 00602112 ____A (OldTimer Tools) C:\Users\Christian\Downloads\OTL.exe
2013-07-04 14:25 - 2013-07-04 14:25 - 00000594 ____A C:\Users\Christian\Downloads\defogger_disable.log
2013-07-04 14:25 - 2013-07-04 14:25 - 00000020 ____A C:\Users\Christian_2\defogger_reenable
2013-07-04 14:24 - 2013-07-04 14:24 - 00050477 ____A C:\Users\Christian\Downloads\Defogger.exe
2013-07-04 14:22 - 2013-07-04 14:22 - 00793536 ____A C:\Users\Christian\Downloads\ZipOpenerSetup.exe
2013-07-04 12:59 - 2013-07-04 13:11 - 272275248 ____A (Microsoft Corporation) C:\Users\Christian\Downloads\lp-de-de_2ecd8315fcc93731c126cc8de2dc077c3a2f8bd1.exe
2013-07-04 12:59 - 2013-07-04 12:59 - 01055082 ____A (www.froggie.sk) C:\Users\Christian\Downloads\Vistalizator24.exe
2013-07-03 10:03 - 2013-07-03 10:03 - 00000000 ____D C:\Program Files (x86)\Foxit Software
2013-07-03 10:03 - 2013-06-09 21:59 - 00216064 ____A C:\Windows\SysWOW64\gcapi_dll.dll
2013-07-03 10:01 - 2013-07-03 10:01 - 29978944 ____A (Foxit Corporation ) C:\Users\Christian\Downloads\FoxitReader605.0618_enu_Setup (1).exe
2013-07-03 09:58 - 2013-07-03 09:59 - 29978944 ____A (Foxit Corporation ) C:\Users\Christian\Downloads\FoxitReader605.0618_enu_Setup.exe
2013-07-03 08:38 - 2013-07-03 08:38 - 00000000 ____D C:\Program Files (x86)\LogMeIn Hamachi
2013-07-02 17:51 - 2013-07-02 17:51 - 19233792 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-07-02 17:51 - 2013-07-02 17:51 - 15404544 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-07-02 17:51 - 2013-07-02 17:51 - 14327808 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-07-02 17:51 - 2013-07-02 17:51 - 13760512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-07-02 17:51 - 2013-07-02 17:51 - 03958784 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-07-02 17:51 - 2013-07-02 17:51 - 02877440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-07-02 17:51 - 2013-07-02 17:51 - 02706432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-07-02 17:51 - 2013-07-02 17:51 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-07-02 17:51 - 2013-07-02 17:51 - 02648064 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-07-02 17:51 - 2013-07-02 17:51 - 02241024 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-07-02 17:51 - 2013-07-02 17:51 - 02046976 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-07-02 17:51 - 2013-07-02 17:51 - 01767936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-07-02 17:51 - 2013-07-02 17:51 - 01509376 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2013-07-02 17:51 - 2013-07-02 17:51 - 01441280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-07-02 17:51 - 2013-07-02 17:51 - 01400416 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2013-07-02 17:51 - 2013-07-02 17:51 - 01400416 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dat
2013-07-02 17:51 - 2013-07-02 17:51 - 01365504 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-07-02 17:51 - 2013-07-02 17:51 - 01141248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-07-02 17:51 - 2013-07-02 17:51 - 01054720 ____A (Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe
2013-07-02 17:51 - 2013-07-02 17:51 - 00905728 ____A (Microsoft Corporation) C:\Windows\System32\mshtmlmedia.dll
2013-07-02 17:51 - 2013-07-02 17:51 - 00855552 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-07-02 17:51 - 2013-07-02 17:51 - 00762368 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
2013-07-02 17:51 - 2013-07-02 17:51 - 00719360 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2013-07-02 17:51 - 2013-07-02 17:51 - 00690688 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-07-02 17:51 - 2013-07-02 17:51 - 00629248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2013-07-02 17:51 - 2013-07-02 17:51 - 00603136 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-07-02 17:51 - 2013-07-02 17:51 - 00599552 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2013-07-02 17:51 - 2013-07-02 17:51 - 00526336 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-07-02 17:51 - 2013-07-02 17:51 - 00523264 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-07-02 17:51 - 2013-07-02 17:51 - 00493056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-07-02 17:51 - 2013-07-02 17:51 - 00452096 ____A (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll
2013-07-02 17:51 - 2013-07-02 17:51 - 00441856 ____A (Microsoft Corporation) C:\Windows\System32\html.iec
2013-07-02 17:51 - 2013-07-02 17:51 - 00391168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-07-02 17:51 - 2013-07-02 17:51 - 00361984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2013-07-02 17:51 - 2013-07-02 17:51 - 00357888 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2013-07-02 17:51 - 2013-07-02 17:51 - 00281600 ____A (Microsoft Corporation) C:\Windows\System32\dxtrans.dll
2013-07-02 17:51 - 2013-07-02 17:51 - 00270848 ____A (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
2013-07-02 17:51 - 2013-07-02 17:51 - 00247296 ____A (Microsoft Corporation) C:\Windows\System32\webcheck.dll
2013-07-02 17:51 - 2013-07-02 17:51 - 00242200 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2013-07-02 17:51 - 2013-07-02 17:51 - 00235008 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2013-07-02 17:51 - 2013-07-02 17:51 - 00232960 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-07-02 17:51 - 2013-07-02 17:51 - 00226816 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2013-07-02 17:51 - 2013-07-02 17:51 - 00226304 ____A (Microsoft Corporation) C:\Windows\System32\elshyph.dll
2013-07-02 17:51 - 2013-07-02 17:51 - 00216064 ____A (Microsoft Corporation) C:\Windows\System32\msls31.dll
2013-07-02 17:51 - 2013-07-02 17:51 - 00204800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2013-07-02 17:51 - 2013-07-02 17:51 - 00197120 ____A (Microsoft Corporation) C:\Windows\System32\msrating.dll
2013-07-02 17:51 - 2013-07-02 17:51 - 00185344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
2013-07-02 17:51 - 2013-07-02 17:51 - 00173568 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2013-07-02 17:51 - 2013-07-02 17:51 - 00167424 ____A (Microsoft Corporation) C:\Windows\System32\iexpress.exe
2013-07-02 17:51 - 2013-07-02 17:51 - 00163840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2013-07-02 17:51 - 2013-07-02 17:51 - 00158720 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2013-07-02 17:51 - 2013-07-02 17:51 - 00150528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2013-07-02 17:51 - 2013-07-02 17:51 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\occache.dll
2013-07-02 17:51 - 2013-07-02 17:51 - 00144896 ____A (Microsoft Corporation) C:\Windows\System32\wextract.exe
2013-07-02 17:51 - 2013-07-02 17:51 - 00138752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2013-07-02 17:51 - 2013-07-02 17:51 - 00137216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-07-02 17:51 - 2013-07-02 17:51 - 00136704 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2013-07-02 17:51 - 2013-07-02 17:51 - 00136192 ____A (Microsoft Corporation) C:\Windows\System32\iepeers.dll
2013-07-02 17:51 - 2013-07-02 17:51 - 00135680 ____A (Microsoft Corporation) C:\Windows\System32\IEAdvpack.dll
2013-07-02 17:51 - 2013-07-02 17:51 - 00125440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2013-07-02 17:51 - 2013-07-02 17:51 - 00117248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2013-07-02 17:51 - 2013-07-02 17:51 - 00110592 ____A (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2013-07-02 17:51 - 2013-07-02 17:51 - 00109056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-07-02 17:51 - 2013-07-02 17:51 - 00102912 ____A (Microsoft Corporation) C:\Windows\System32\inseng.dll
2013-07-02 17:51 - 2013-07-02 17:51 - 00097280 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2013-07-02 17:51 - 2013-07-02 17:51 - 00092160 ____A (Microsoft Corporation) C:\Windows\System32\SetIEInstalledDate.exe
2013-07-02 17:51 - 2013-07-02 17:51 - 00089600 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2013-07-02 17:51 - 2013-07-02 17:51 - 00082432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2013-07-02 17:51 - 2013-07-02 17:51 - 00081408 ____A (Microsoft Corporation) C:\Windows\System32\icardie.dll
2013-07-02 17:51 - 2013-07-02 17:51 - 00079872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-07-02 17:51 - 2013-07-02 17:51 - 00077312 ____A (Microsoft Corporation) C:\Windows\System32\tdc.ocx
2013-07-02 17:51 - 2013-07-02 17:51 - 00073728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2013-07-02 17:51 - 2013-07-02 17:51 - 00071680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-07-02 17:51 - 2013-07-02 17:51 - 00069120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2013-07-02 17:51 - 2013-07-02 17:51 - 00067072 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2013-07-02 17:51 - 2013-07-02 17:51 - 00062976 ____A (Microsoft Corporation) C:\Windows\System32\pngfilt.dll
2013-07-02 17:51 - 2013-07-02 17:51 - 00061952 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2013-07-02 17:51 - 2013-07-02 17:51 - 00061440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-07-02 17:51 - 2013-07-02 17:51 - 00057344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2013-07-02 17:51 - 2013-07-02 17:51 - 00053760 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-07-02 17:51 - 2013-07-02 17:51 - 00052224 ____A (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll
2013-07-02 17:51 - 2013-07-02 17:51 - 00051712 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2013-07-02 17:51 - 2013-07-02 17:51 - 00051200 ____A (Microsoft Corporation) C:\Windows\System32\imgutil.dll
2013-07-02 17:51 - 2013-07-02 17:51 - 00048640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2013-07-02 17:51 - 2013-07-02 17:51 - 00048640 ____A (Microsoft Corporation) C:\Windows\System32\mshtmler.dll
2013-07-02 17:51 - 2013-07-02 17:51 - 00041984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2013-07-02 17:51 - 2013-07-02 17:51 - 00039936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-07-02 17:51 - 2013-07-02 17:51 - 00039936 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2013-07-02 17:51 - 2013-07-02 17:51 - 00038400 ____A (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2013-07-02 17:51 - 2013-07-02 17:51 - 00033280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-07-02 17:51 - 2013-07-02 17:51 - 00027648 ____A (Microsoft Corporation) C:\Windows\System32\licmgr10.dll
2013-07-02 17:51 - 2013-07-02 17:51 - 00023040 ____A (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2013-07-02 17:51 - 2013-07-02 17:51 - 00013824 ____A (Microsoft Corporation) C:\Windows\System32\mshta.exe
2013-07-02 17:51 - 2013-07-02 17:51 - 00012800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2013-07-02 17:51 - 2013-07-02 17:51 - 00012800 ____A (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe
2013-07-02 17:51 - 2013-07-02 17:51 - 00011776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2013-07-02 17:47 - 2013-07-02 17:57 - 00010048 ____A C:\Windows\IE10_main.log
2013-07-02 09:34 - 2013-07-02 16:01 - 00000000 ____D C:\Users\Christian\Desktop\Wiedelympics Gruppen
2013-06-28 08:48 - 2013-06-28 08:48 - 00010301 ____A C:\Users\Christian\Desktop\boden kalkulation.ods
2013-06-20 15:35 - 2013-06-20 15:35 - 00001743 ____A C:\Users\Public\Desktop\iTunes.lnk
2013-06-20 15:34 - 2013-06-20 15:35 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-06-20 15:34 - 2013-06-20 15:35 - 00000000 ____D C:\Program Files\iTunes
2013-06-20 15:34 - 2013-06-20 15:34 - 00000000 ____D C:\Program Files\iPod
2013-06-19 09:36 - 2013-06-19 09:36 - 13328730 ____A C:\Users\Christian\Downloads\Eispromo2013.zip
2013-06-12 08:49 - 2013-05-13 07:51 - 01464320 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2013-06-12 08:49 - 2013-05-13 07:51 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2013-06-12 08:49 - 2013-05-13 07:51 - 00139776 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2013-06-12 08:49 - 2013-05-13 07:50 - 00052224 ____A (Microsoft Corporation) C:\Windows\System32\certenc.dll
2013-06-12 08:49 - 2013-05-13 06:45 - 01160192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-06-12 08:49 - 2013-05-13 06:45 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2013-06-12 08:49 - 2013-05-13 06:45 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2013-06-12 08:49 - 2013-05-13 05:43 - 01192448 ____A (Microsoft Corporation) C:\Windows\System32\certutil.exe
2013-06-12 08:49 - 2013-05-13 05:08 - 00903168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\certutil.exe
2013-06-12 08:49 - 2013-05-13 05:08 - 00043008 ____A (Microsoft Corporation) C:\Windows\SysWOW64\certenc.dll
2013-06-12 08:49 - 2013-05-10 07:49 - 00030720 ____A (Microsoft Corporation) C:\Windows\System32\cryptdlg.dll
2013-06-12 08:49 - 2013-05-10 05:20 - 00024576 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptdlg.dll
2013-06-12 08:49 - 2013-05-08 08:39 - 01910632 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2013-06-12 08:49 - 2013-04-26 07:51 - 00751104 ____A (Microsoft Corporation) C:\Windows\System32\win32spl.dll
2013-06-12 08:49 - 2013-04-26 06:55 - 00492544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll
2013-06-12 08:49 - 2013-04-17 09:02 - 01230336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2013-06-12 08:49 - 2013-04-17 08:24 - 01424384 ____A (Microsoft Corporation) C:\Windows\System32\WindowsCodecs.dll
2013-06-12 08:48 - 2013-04-26 01:30 - 01505280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d11.dll
2013-06-12 08:48 - 2013-04-01 00:52 - 01887232 ____A (Microsoft Corporation) C:\Windows\System32\d3d11.dll
2013-06-11 21:52 - 2013-07-05 12:00 - 00011834 ____A C:\Users\Christian\Desktop\Kosten _Umbau Arndtstr.
13.xlsx 2013-06-11 18:06 - 2013-06-26 09:35 - 519893268 ____A C:\Windows\MEMORY.DMP ==================== One Month Modified Files and Folders ======= 2013-07-05 12:45 - 2010-03-09 15:41 - 00000000 ____D C:\Users\Christian\AppData\Local\LogMeIn Hamachi 2013-07-05 12:23 - 2013-05-07 09:40 - 00002383 ____A C:\Users\Christian\Desktop\Google Chrome.lnk 2013-07-05 12:23 - 2011-04-27 10:36 - 00001136 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1284297116-794809632-3988175124-1000UA.job 2013-07-05 12:22 - 2013-07-05 12:22 - 00000000 ____D C:\Windows\ERUNT 2013-07-05 12:21 - 2013-07-05 12:21 - 00545954 ____A (Oleg N. Scherbakov) C:\Users\Christian\Desktop\JRT.exe 2013-07-05 12:21 - 2013-07-05 12:21 - 00000000 ____D C:\JRT 2013-07-05 12:18 - 2009-07-14 06:45 - 00013568 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2013-07-05 12:18 - 2009-07-14 06:45 - 00013568 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2013-07-05 12:16 - 2009-07-14 07:13 - 00730448 ____A C:\Windows\System32\PerfStringBackup.INI 2013-07-05 12:10 - 2013-04-29 12:25 - 00000422 ____A C:\Windows\Tasks\SlimDrivers Startup.job 2013-07-05 12:09 - 2013-02-27 08:01 - 00012854 ____A C:\Windows\setupact.log 2013-07-05 12:09 - 2013-02-27 08:01 - 00002556 ____A C:\Windows\PFRO.log 2013-07-05 12:09 - 2009-07-14 07:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT 2013-07-05 12:08 - 2012-07-18 08:17 - 01640803 ____A C:\Windows\WindowsUpdate.log 2013-07-05 12:07 - 2013-07-05 12:06 - 00022089 ____A C:\AdwCleaner[S2].txt 2013-07-05 12:00 - 2013-06-11 21:52 - 00011834 ____A C:\Users\Christian\Desktop\Kosten _Umbau Arndtstr. 
13.xlsx 2013-07-05 11:55 - 2013-07-05 11:55 - 00650027 ____A C:\Users\Christian\Downloads\adwcleaner.exe 2013-07-05 11:53 - 2012-04-13 18:40 - 00000884 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job 2013-07-05 09:23 - 2011-04-27 10:36 - 00001084 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1284297116-794809632-3988175124-1000Core.job 2013-07-05 09:15 - 2013-07-05 09:15 - 00022501 ____A C:\ComboFix.txt 2013-07-05 09:15 - 2011-02-11 17:36 - 00000000 ____D C:\Qoobox 2013-07-05 09:07 - 2013-04-29 12:24 - 00016152 ____A C:\Windows\System32\Drivers\SWDUMon.sys 2013-07-05 09:07 - 2009-07-14 04:34 - 00000215 ____A C:\Windows\system.ini 2013-07-05 09:06 - 2011-02-02 10:14 - 00000000 ____D C:\Users\Christian\AppData\Roaming\Dropbox 2013-07-05 09:05 - 2011-02-02 10:18 - 00000000 ___RD C:\Users\Christian\Dropbox 2013-07-05 09:00 - 2011-02-11 17:38 - 00000000 ____D C:\Windows\ERDNT 2013-07-05 08:38 - 2013-07-05 08:38 - 05085494 ____R (Swearware) C:\Users\Christian\Desktop\ComboFix.exe 2013-07-05 08:38 - 2010-06-24 08:19 - 00000000 ____D C:\Windows\pss 2013-07-04 15:01 - 2013-07-04 15:00 - 00025855 ____A C:\Users\Christian\Downloads\Addition.txt 2013-07-04 14:59 - 2013-07-04 14:59 - 00000000 ____D C:\FRST 2013-07-04 14:58 - 2013-07-04 14:58 - 00095774 ____A C:\Users\Christian\Downloads\OTL.Txt 2013-07-04 14:53 - 2013-07-04 14:53 - 01934636 ____A (Farbar) C:\Users\Christian\Downloads\FRST64.exe 2013-07-04 14:33 - 2013-07-04 14:33 - 00602112 ____A (OldTimer Tools) C:\Users\Christian\Downloads\OTL.exe 2013-07-04 14:25 - 2013-07-04 14:25 - 00000594 ____A C:\Users\Christian\Downloads\defogger_disable.log 2013-07-04 14:25 - 2013-07-04 14:25 - 00000020 ____A C:\Users\Christian_2\defogger_reenable 2013-07-04 14:25 - 2012-07-27 11:14 - 00000000 ____D C:\users\Christian_2 2013-07-04 14:24 - 2013-07-04 14:24 - 00050477 ____A C:\Users\Christian\Downloads\Defogger.exe 2013-07-04 14:22 - 2013-07-04 14:22 - 00793536 ____A C:\Users\Christian\Downloads\ZipOpenerSetup.exe 2013-07-04 
14:20 - 2009-12-16 23:20 - 00000000 ____D C:\Users\Christian\AppData\Roaming\vlc 2013-07-04 14:20 - 2009-12-08 12:39 - 00080896 __ASH C:\Users\Christian\Thumbs.db 2013-07-04 13:11 - 2013-07-04 12:59 - 272275248 ____A (Microsoft Corporation) C:\Users\Christian\Downloads\lp-de-de_2ecd8315fcc93731c126cc8de2dc077c3a2f8bd1.exe 2013-07-04 12:59 - 2013-07-04 12:59 - 01055082 ____A (www.froggie.sk) C:\Users\Christian\Downloads\Vistalizator24.exe 2013-07-04 10:47 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\System32\NDF 2013-07-03 16:44 - 2009-11-24 17:06 - 00000000 ____D C:\Users\Christian\AppData\Roaming\Skype 2013-07-03 10:15 - 2012-05-24 08:45 - 00000000 ____D C:\Users\Christian\AppData\Local\Shotty 2013-07-03 10:03 - 2013-07-03 10:03 - 00000000 ____D C:\Program Files (x86)\Foxit Software 2013-07-03 10:03 - 2013-05-06 10:31 - 00000000 ____D C:\Users\Christian_2\AppData\Roaming\Foxit Software 2013-07-03 10:01 - 2013-07-03 10:01 - 29978944 ____A (Foxit Corporation ) C:\Users\Christian\Downloads\FoxitReader605.0618_enu_Setup (1).exe 2013-07-03 09:59 - 2013-07-03 09:58 - 29978944 ____A (Foxit Corporation ) C:\Users\Christian\Downloads\FoxitReader605.0618_enu_Setup.exe 2013-07-03 08:38 - 2013-07-03 08:38 - 00000000 ____D C:\Program Files (x86)\LogMeIn Hamachi 2013-07-03 08:37 - 2009-11-25 00:36 - 00000000 ____D C:\Windows\Panther 2013-07-03 08:36 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\PolicyDefinitions 2013-07-02 17:57 - 2013-07-02 17:47 - 00010048 ____A C:\Windows\IE10_main.log 2013-07-02 17:51 - 2013-07-02 17:51 - 19233792 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll 2013-07-02 17:51 - 2013-07-02 17:51 - 15404544 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll 2013-07-02 17:51 - 2013-07-02 17:51 - 14327808 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2013-07-02 17:51 - 2013-07-02 17:51 - 13760512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2013-07-02 17:51 - 2013-07-02 17:51 - 03958784 ____A 
(Microsoft Corporation) C:\Windows\System32\jscript9.dll 2013-07-02 17:51 - 2013-07-02 17:51 - 02877440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2013-07-02 17:51 - 2013-07-02 17:51 - 02706432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2013-07-02 17:51 - 2013-07-02 17:51 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb 2013-07-02 17:51 - 2013-07-02 17:51 - 02648064 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll 2013-07-02 17:51 - 2013-07-02 17:51 - 02241024 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll 2013-07-02 17:51 - 2013-07-02 17:51 - 02046976 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2013-07-02 17:51 - 2013-07-02 17:51 - 01767936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2013-07-02 17:51 - 2013-07-02 17:51 - 01509376 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl 2013-07-02 17:51 - 2013-07-02 17:51 - 01441280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2013-07-02 17:51 - 2013-07-02 17:51 - 01400416 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat 2013-07-02 17:51 - 2013-07-02 17:51 - 01400416 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dat 2013-07-02 17:51 - 2013-07-02 17:51 - 01365504 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll 2013-07-02 17:51 - 2013-07-02 17:51 - 01141248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2013-07-02 17:51 - 2013-07-02 17:51 - 01054720 ____A (Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe 2013-07-02 17:51 - 2013-07-02 17:51 - 00905728 ____A (Microsoft Corporation) C:\Windows\System32\mshtmlmedia.dll 2013-07-02 17:51 - 2013-07-02 17:51 - 00855552 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll 2013-07-02 17:51 - 2013-07-02 17:51 - 00762368 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll 2013-07-02 17:51 - 2013-07-02 17:51 - 00719360 ____A (Microsoft 
Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll 2013-07-02 17:51 - 2013-07-02 17:51 - 00690688 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2013-07-02 17:51 - 2013-07-02 17:51 - 00629248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2013-07-02 17:51 - 2013-07-02 17:51 - 00603136 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll 2013-07-02 17:51 - 2013-07-02 17:51 - 00599552 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll 2013-07-02 17:51 - 2013-07-02 17:51 - 00526336 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll 2013-07-02 17:51 - 2013-07-02 17:51 - 00523264 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2013-07-02 17:51 - 2013-07-02 17:51 - 00493056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2013-07-02 17:51 - 2013-07-02 17:51 - 00452096 ____A (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll 2013-07-02 17:51 - 2013-07-02 17:51 - 00441856 ____A (Microsoft Corporation) C:\Windows\System32\html.iec 2013-07-02 17:51 - 2013-07-02 17:51 - 00391168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2013-07-02 17:51 - 2013-07-02 17:51 - 00361984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\html.iec 2013-07-02 17:51 - 2013-07-02 17:51 - 00357888 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2013-07-02 17:51 - 2013-07-02 17:51 - 00281600 ____A (Microsoft Corporation) C:\Windows\System32\dxtrans.dll 2013-07-02 17:51 - 2013-07-02 17:51 - 00270848 ____A (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll 2013-07-02 17:51 - 2013-07-02 17:51 - 00247296 ____A (Microsoft Corporation) C:\Windows\System32\webcheck.dll 2013-07-02 17:51 - 2013-07-02 17:51 - 00242200 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2013-07-02 17:51 - 2013-07-02 17:51 - 00235008 ____A (Microsoft Corporation) C:\Windows\System32\url.dll 2013-07-02 17:51 - 2013-07-02 17:51 - 00232960 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll 
2013-07-02 17:51 - 2013-07-02 17:51 - 00226816 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2013-07-02 17:51 - 2013-07-02 17:51 - 00226304 ____A (Microsoft Corporation) C:\Windows\System32\elshyph.dll 2013-07-02 17:51 - 2013-07-02 17:51 - 00216064 ____A (Microsoft Corporation) C:\Windows\System32\msls31.dll 2013-07-02 17:51 - 2013-07-02 17:51 - 00204800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll 2013-07-02 17:51 - 2013-07-02 17:51 - 00197120 ____A (Microsoft Corporation) C:\Windows\System32\msrating.dll 2013-07-02 17:51 - 2013-07-02 17:51 - 00185344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll 2013-07-02 17:51 - 2013-07-02 17:51 - 00173568 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe 2013-07-02 17:51 - 2013-07-02 17:51 - 00167424 ____A (Microsoft Corporation) C:\Windows\System32\iexpress.exe 2013-07-02 17:51 - 2013-07-02 17:51 - 00163840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2013-07-02 17:51 - 2013-07-02 17:51 - 00158720 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll 2013-07-02 17:51 - 2013-07-02 17:51 - 00150528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe 2013-07-02 17:51 - 2013-07-02 17:51 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\occache.dll 2013-07-02 17:51 - 2013-07-02 17:51 - 00144896 ____A (Microsoft Corporation) C:\Windows\System32\wextract.exe 2013-07-02 17:51 - 2013-07-02 17:51 - 00138752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe 2013-07-02 17:51 - 2013-07-02 17:51 - 00137216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2013-07-02 17:51 - 2013-07-02 17:51 - 00136704 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll 2013-07-02 17:51 - 2013-07-02 17:51 - 00136192 ____A (Microsoft Corporation) C:\Windows\System32\iepeers.dll 2013-07-02 17:51 - 2013-07-02 17:51 - 00135680 ____A (Microsoft Corporation) C:\Windows\System32\IEAdvpack.dll 2013-07-02 17:51 - 
2013-07-02 17:51 - 00125440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll 2013-07-02 17:51 - 2013-07-02 17:51 - 00117248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll 2013-07-02 17:51 - 2013-07-02 17:51 - 00110592 ____A (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll 2013-07-02 17:51 - 2013-07-02 17:51 - 00109056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll 2013-07-02 17:51 - 2013-07-02 17:51 - 00102912 ____A (Microsoft Corporation) C:\Windows\System32\inseng.dll 2013-07-02 17:51 - 2013-07-02 17:51 - 00097280 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll 2013-07-02 17:51 - 2013-07-02 17:51 - 00092160 ____A (Microsoft Corporation) C:\Windows\System32\SetIEInstalledDate.exe 2013-07-02 17:51 - 2013-07-02 17:51 - 00089600 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe 2013-07-02 17:51 - 2013-07-02 17:51 - 00082432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll 2013-07-02 17:51 - 2013-07-02 17:51 - 00081408 ____A (Microsoft Corporation) C:\Windows\System32\icardie.dll 2013-07-02 17:51 - 2013-07-02 17:51 - 00079872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2013-07-02 17:51 - 2013-07-02 17:51 - 00077312 ____A (Microsoft Corporation) C:\Windows\System32\tdc.ocx 2013-07-02 17:51 - 2013-07-02 17:51 - 00073728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe 2013-07-02 17:51 - 2013-07-02 17:51 - 00071680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe 2013-07-02 17:51 - 2013-07-02 17:51 - 00069120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll 2013-07-02 17:51 - 2013-07-02 17:51 - 00067072 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll 2013-07-02 17:51 - 2013-07-02 17:51 - 00062976 ____A (Microsoft Corporation) C:\Windows\System32\pngfilt.dll 2013-07-02 17:51 - 2013-07-02 17:51 - 00061952 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx 2013-07-02 17:51 - 
2013-07-02 17:51 - 00061440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2013-07-02 17:51 - 2013-07-02 17:51 - 00057344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll 2013-07-02 17:51 - 2013-07-02 17:51 - 00053760 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll 2013-07-02 17:51 - 2013-07-02 17:51 - 00052224 ____A (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll 2013-07-02 17:51 - 2013-07-02 17:51 - 00051712 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe 2013-07-02 17:51 - 2013-07-02 17:51 - 00051200 ____A (Microsoft Corporation) C:\Windows\System32\imgutil.dll 2013-07-02 17:51 - 2013-07-02 17:51 - 00048640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll 2013-07-02 17:51 - 2013-07-02 17:51 - 00048640 ____A (Microsoft Corporation) C:\Windows\System32\mshtmler.dll 2013-07-02 17:51 - 2013-07-02 17:51 - 00041984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll 2013-07-02 17:51 - 2013-07-02 17:51 - 00039936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2013-07-02 17:51 - 2013-07-02 17:51 - 00039936 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll 2013-07-02 17:51 - 2013-07-02 17:51 - 00038400 ____A (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll 2013-07-02 17:51 - 2013-07-02 17:51 - 00033280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2013-07-02 17:51 - 2013-07-02 17:51 - 00027648 ____A (Microsoft Corporation) C:\Windows\System32\licmgr10.dll 2013-07-02 17:51 - 2013-07-02 17:51 - 00023040 ____A (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll 2013-07-02 17:51 - 2013-07-02 17:51 - 00013824 ____A (Microsoft Corporation) C:\Windows\System32\mshta.exe 2013-07-02 17:51 - 2013-07-02 17:51 - 00012800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe 2013-07-02 17:51 - 2013-07-02 17:51 - 00012800 ____A (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe 2013-07-02 17:51 - 2013-07-02 17:51 - 
00011776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe 2013-07-02 16:01 - 2013-07-02 09:34 - 00000000 ____D C:\Users\Christian\Desktop\Wiedelympics Gruppen 2013-07-02 12:50 - 2013-02-22 16:18 - 00000181 ____A C:\Windows\setscan.ini 2013-06-28 08:48 - 2013-06-28 08:48 - 00010301 ____A C:\Users\Christian\Desktop\boden kalkulation.ods 2013-06-27 11:32 - 2011-02-15 10:46 - 00000000 ____D C:\Users\Christian\AppData\Roaming\Foxit Software 2013-06-26 10:49 - 2011-04-15 23:54 - 02141184 __ASH C:\Users\Christian\Desktop\Thumbs.db 2013-06-26 09:35 - 2013-06-11 18:06 - 519893268 ____A C:\Windows\MEMORY.DMP 2013-06-26 09:35 - 2009-12-14 12:16 - 00000000 ____D C:\Windows\Minidump 2013-06-20 15:35 - 2013-06-20 15:35 - 00001743 ____A C:\Users\Public\Desktop\iTunes.lnk 2013-06-20 15:35 - 2013-06-20 15:34 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69 2013-06-20 15:35 - 2013-06-20 15:34 - 00000000 ____D C:\Program Files\iTunes 2013-06-20 15:35 - 2011-07-21 14:20 - 00000000 ____D C:\Program Files (x86)\iTunes 2013-06-20 15:34 - 2013-06-20 15:34 - 00000000 ____D C:\Program Files\iPod 2013-06-19 09:36 - 2013-06-19 09:36 - 13328730 ____A C:\Users\Christian\Downloads\Eispromo2013.zip 2013-06-12 18:57 - 2009-11-24 17:05 - 00000000 ____D C:\ProgramData\Microsoft Help 2013-06-12 09:53 - 2012-04-13 18:40 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2013-06-12 09:53 - 2011-03-17 09:42 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2013-06-09 21:59 - 2013-07-03 10:03 - 00216064 ____A C:\Windows\SysWOW64\gcapi_dll.dll Files to move or delete: ==================== C:\Users\Christian\KTW Fernwartung.exe ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit 
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== End Of Log ============================

--- --- --- --- --- ---

Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 04-07-2013
Ran by Christian at 2013-07-04 15:00:46
Running from C:\Users\Christian\Downloads
Boot Mode: Normal
==========================================================

==================== Installed Programs =======================

Update for Microsoft Office 2007 (KB2508958) (x32)
7-Zip 9.20 (x32)
ActivClient x64 (Version: 6.2)
Adobe Flash Player 11 ActiveX (x32 Version: 11.7.700.224)
Adobe Flash Player 11 Plugin (x32 Version: 11.7.700.224)
AMD Catalyst Install Manager (Version: 8.0.871.0)
Anti-Twin (Installation 29.04.2013) (x32)
Apple Application Support (x32 Version: 2.3.4)
Apple Mobile Device Support (Version: 6.1.0.13)
Apple Software Update (x32 Version: 2.1.3.127)
Audacity 1.2.6 (x32)
AuthenTec Fingerprint System (Version: 8.0.202.0)
Avira Professional Security (x32 Version: 12.1.9.1580)
AVM FRITZ!Box Dokumentation (x32)
AVM FRITZ!Box Druckeranschluss (x32)
AVM FRITZ!DSL (x32 Version: 2.04.02)
AVS Cover Editor 2.0.1.3 (x32)
AVS Disc Creator version 5.0.1 (x32)
AVS Update Manager 1.0 (x32)
AVS Video Converter 7 (x32)
AVS4YOU Software Navigator 1.4 (x32)
Bike GPS RichTrack Factory (x32)
Bonjour (Version: 3.0.0.10)
Broadcom 802.11 Wireless LAN Adapter (Version: )
Brother MFL-Pro Suite MFC-8460N (x32 Version: 1.0.0.0)
Canon driver for DR-C125 (x64) (Version: 1.0.4309)
CaptureOnTouch Evernote Plugin (x32 Version: 1.2.11005)
CaptureOnTouch Google Docs(TM) Plugin (x32 Version: 1.1.4311)
CaptureOnTouch Microsoft SharePoint Plugin (x32 Version: 1.01.40797)
CCleaner (Version: 3.28)
CDBurnerXP (Version: 4.3.8.2631)
CDBurnerXP (x32 Version: 4.4.2.3442)
Cisco EAP-FAST Module (x32 Version: 2.2.14)
Cisco LEAP Module (x32 Version: 1.0.19)
Cisco PEAP Module (x32 Version: 1.1.6)
Credential Manager for HP ProtectTools (x32 Version: 4.1.6.1484)
DivX-Setup (x32 Version: 2.3.0.20)
DR-C125 CaptureOnTouch (x32 Version: 2.3.111.1014)
DR-C125 UserManual (x32 Version: 1.04.0000)
Dropbox (HKCU Version:
2.0.22) ElsterFormular (x32 Version: 13.1.0.8394p) Foxit Reader (x32 Version: 6.0.5.618) Free Audio CD Burner version 1.5.3.920 (x32) Free Audio Dub version 1.7.9.602 (x32) Free DVD Video Converter version 1.5.15.908 (x32) Free Video to MP3 Converter version 3.2 (x32) Free YouTube to MP3 Converter version 3.8 (x32) Freez FLV to AVI/MPEG/WMV Converter (x32 Version: 1.6) Freez FLV to MP3 Converter (x32 Version: 1.5) Garmin BaseCamp (x32 Version: 4.0.1) Garmin USB Drivers (x32 Version: 2.3.1.0) Google Chrome (HKCU Version: 27.0.1453.116) Google Earth (x32 Version: 7.0.3.8542) Google Update Helper (x32 Version: 1.3.21.145) HP 3D DriveGuard (Version: 4.0.3.1) HP ESU for Microsoft Windows 7 (x32 Version: 1.0.3.1) HP JavaCard for HP ProtectTools (x32 Version: 04.10.10.0003) HP ProtectTools Security Manager (x32 Version: 04.10.10.0003) HP Quick Launch Buttons (x32 Version: 6.50.14.1) HP Webcam (x32 Version: 5.8.39017.0) Image Resizer Powertoy Clone for Windows (Version: 2.0.0.0) Iminent (x32 Version: 5.35.51.0) iTunes (Version: 11.0.4.4) Java 7 Update 21 (64-bit) (Version: 7.0.210) Java 7 Update 21 (x32 Version: 7.0.210) Java Auto Updater (x32 Version: 2.1.9.5) Kill-ID 1.2.4.0 für Chrome (x32 Version: 1.2.5.0) KOMPASS Digital Map Südtirol (x32) KONICA MINOLTA magicolor 5430DL Kyocera Product Library (Version: 2.0.0713) LogMeIn Hamachi (x32 Version: 2.1.0.374) Malwarebytes Anti-Malware Version 1.62.0.1300 (x32 Version: 1.62.0.1300) maxdome Download Manager 4.1.300.78 (x32 Version: 4.1.30078) Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319) Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319) Microsoft Application Error Reporting (Version: 12.0.6015.5000) Microsoft Application Error Reporting (x32 Version: 12.0.6012.5000) Microsoft IntelliPoint 8.1 (Version: 8.15.406.0) Microsoft Office 2007 Service Pack 3 (SP3) (x32) Microsoft Office Access MUI (German) 2007 (x32 Version: 12.0.6612.1000) Microsoft Office Excel MUI (German) 2007 (x32 
Version: 12.0.6612.1000) Microsoft Office File Validation Add-In (x32 Version: 14.0.5130.5003) Microsoft Office Groove MUI (German) 2007 (x32 Version: 12.0.6612.1000) Microsoft Office InfoPath MUI (German) 2007 (x32 Version: 12.0.6612.1000) Microsoft Office Live Add-in 1.5 (x32 Version: 2.0.4024.1) Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000) Microsoft Office OneNote MUI (German) 2007 (x32 Version: 12.0.6612.1000) Microsoft Office Outlook Connector (x32 Version: 12.0.6423.1000) Microsoft Office Outlook MUI (German) 2007 (x32 Version: 12.0.6612.1000) Microsoft Office PowerPoint MUI (German) 2007 (x32 Version: 12.0.6612.1000) Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000) Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000) Microsoft Office Proof (German) 2007 (x32 Version: 12.0.6612.1000) Microsoft Office Proof (Italian) 2007 (x32 Version: 12.0.6612.1000) Microsoft Office Proofing (German) 2007 (x32 Version: 12.0.4518.1014) Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32) Microsoft Office Publisher MUI (German) 2007 (x32 Version: 12.0.6612.1000) Microsoft Office Shared 64-bit MUI (German) 2007 (Version: 12.0.6612.1000) Microsoft Office Shared MUI (German) 2007 (x32 Version: 12.0.6612.1000) Microsoft Office Small Business Connectivity Components (x32 Version: 2.0.7024.0) Microsoft Office Ultimate 2007 (x32 Version: 12.0.6612.1000) Microsoft Office Word MUI (German) 2007 (x32 Version: 12.0.6612.1000) Microsoft Outlook-Sicherung für Persönliche Ordner (x32 Version: 1.10.0.0) Microsoft Silverlight (Version: 5.1.20125.0) Microsoft SQL Server 2005 (x32) Microsoft SQL Server 2005 Tools Express Edition (x32 Version: 9.4.5000.00) Microsoft SQL Server Native Client (Version: 9.00.5000.00) Microsoft SQL Server Setup Support Files (English) (x32 Version: 9.00.5000.00) Microsoft SQL Server VSS Writer (Version: 9.00.4035.00) Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.59193) Microsoft 
Visual C++ 2005 Redistributable (x32 Version: 8.0.61001) Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148) Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (x32 Version: 9.0.30729.5570) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (x32 Version: 9.0.30729) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (Version: 10.0.40219) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219) MobileMe Control Panel (Version: 3.1.8.0) Mozilla Firefox 15.0 (x86 de) (x32 Version: 15.0) Mozilla Maintenance Service (x32 Version: 15.0) MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0) MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0) MSXML 4.0 SP3 Parser (KB2721691) (x32 Version: 4.30.2114.0) MSXML 4.0 SP3 Parser (KB2758694) (x32 Version: 4.30.2117.0) MSXML 4.0 SP3 Parser (x32 Version: 4.30.2100.0) Nero 12 (x32 Version: 12.0.02000) Nero Audio Pack 1 (x32 Version: 11.0.11500.110.0) Nero BackItUp (x32 Version: 12.0.2001) Nero BackItUp Help (CHM) (x32 Version: 12.0.3000) Nero Blu-ray Player (x32 Version: 12.0.14300) Nero Blu-ray Player Help (CHM) (x32 Version: 12.0.4000) Nero Burning ROM (x32 Version: 12.0.20000) Nero Burning ROM Help (CHM) (x32 Version: 12.0.3000) Nero ControlCenter (x32 Version: 11.0.15200) Nero ControlCenter Help (CHM) (x32 Version: 12.0.5000) Nero Core Components (x32 Version: 11.0.18100) Nero Disc Menus Basic (x32 Version: 12.0.11500) Nero Effects Basic (x32 Version: 12.0.11500) Nero Express (x32 Version: 12.0.20000) Nero Express Help (CHM) (x32 Version: 12.0.5000) Nero Installer (x32 Version: 4.4.9.0) Nero Kwik Media (x32 Version: 1.18.18500) Nero Kwik Media (x32 
Version: 12.0.01300) Nero Kwik Media Help (CHM) (x32 Version: 12.0.4000) Nero Kwik Themes Basic (x32 Version: 12.0.11500) Nero PiP Effects Basic (x32 Version: 12.0.11500) Nero Recode (x32 Version: 12.0.24000) Nero Recode Help (CHM) (x32 Version: 12.0.4000) Nero RescueAgent (x32 Version: 12.0.9000) Nero RescueAgent Help (CHM) (x32 Version: 12.0.3000) Nero SharedVideoCodecs (x32 Version: 1.0.12100.2.0) Nero Update (x32 Version: 11.0.11800.31.0) Nero Video (x32 Version: 12.0.3000) Nero Video Help (CHM) (x32 Version: 12.0.4000) neroxml (x32 Version: 1.0.0) NHL06 (x32) Office-Bibliothek (x32 Version: 5.01) PDFCreator (x32 Version: 1.5.0) PDF-Viewer (Version: 2.5.205.0) Picasa 3 (x32 Version: 3.9) Prerequisite installer (x32 Version: 12.0.0002) QLBCASL (x32 Version: 6.40.17.2) QuickTime (x32 Version: 7.74.80.86) Recuva (Version: 1.42) Remotedesktopverbindung (x32 Version: 5.1.2600.2180) SCR3xxx Smart Card Reader (x32 Version: 8.35) Secunia PSI (3.0.0.6005) (x32 Version: 3.0.0.6005) Security Task Manager 1.8d (x32 Version: 1.8d) Shotty - Kleines aber eindrucksvolles Screenshot Tool (Version: 2.0.2.216) Skype™ 6.3 (x32 Version: 6.3.107) SlimDrivers (x32 Version: 2.2.28413) SmarTerm (x32 Version: 13.0.0) SPG-Verein 3.0 (x32 Version: 3.0.4) Synaptics Pointing Device Driver (Version: 15.0.24.0) TeamViewer 7 (x32 Version: 7.0.14484) TweetDeck (x32 Version: 1.5.3) Ultr@VNC Release 1.0.0 RC 18 - Win32 (x32 Version: 1.0018) UltraVNC 1.0.9.1 (x32 Version: 1.0.9.1) Uninstall 1.0.0.1 (x32) Update for 2007 Microsoft Office System (KB967642) (x32) Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1) Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (x32) Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition (x32) Update for Microsoft Office 2007 suites (KB2596802) 
32-Bit Edition (x32) Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition (x32) Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition (x32) Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (x32) Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (x32) Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2817327) 32-Bit Edition (x32) Update für Microsoft Office Excel 2007 Help (KB963678) (x32) Update für Microsoft Office Outlook 2007 Help (KB963677) (x32) Update für Microsoft Office Powerpoint 2007 Help (KB963669) (x32) Update für Microsoft Office Word 2007 Help (KB963665) (x32) VC80CRTRedist - 8.0.50727.4053 (x32 Version: 1.1.0) VD64Inst (Version: 1.00.0000) VLC media player 2.0.2 (x32 Version: 2.0.2) Welcome App (Start-up experience) (x32 Version: 12.0.14000) Windows Driver Package - Garmin (grmnusb) GARMIN Devices (04/19/2012 2.3.1.0) (Version: 04/19/2012 2.3.1.0) Windows Media Center Add-in for Silverlight (x32 Version: 4.7.3.0) Windows Media Player Firefox Plugin (x32 Version: 1.0.0.8) WinRAR 4.01 (64-bit) (Version: 4.01.0) ==================== Restore Points ========================= Could not list Restore Points. ==================== Hosts content: ========================== 2009-07-14 04:34 - 2012-08-16 12:47 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts 127.0.0.1 localhost ==================== Scheduled Tasks (whitelisted) ============= Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => ? Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => ? Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => ? 
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1284297116-794809632-3988175124-1000Core.job => C:\Users\Christian\AppData\Local\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1284297116-794809632-3988175124-1000UA.job => C:\Users\Christian\AppData\Local\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\SlimDrivers Startup.job => ? ==================== Faulty Device Manager Devices ============= Name: AuthenTec Inc. AES2810 Description: AuthenTec Inc. AES2810 Class Guid: {53d29ef7-377c-4d14-864b-eb3a85769359} Manufacturer: AuthenTec Service: ATSwpWDF Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. Name: Microsoft Virtual WiFi Miniport Adapter Description: Microsoft Virtual WiFi Miniport Adapter Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Microsoft Service: vwifimp Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31) Resolution: Update the driver Name: Shrew Soft Lightweight Filter Description: Shrew Soft Lightweight Filter Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1} Manufacturer: Service: vflt Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24) Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed. Devices stay in this state if they have been prepared for removal. After you remove the device, this error disappears.Remove the device, and this error should be resolved. ==================== Event log errors: ========================= Application errors: ================== Error: (07/04/2013 09:58:04 AM) (Source: Avira Antivirus) (User: NT AUTHORITY) Description: Das Update von R187129 (169.254.152.231) ist fehlgeschlagen. 
Während des Herunterladens ist ein Fehler aufgetreten. . Es wurden keine neuen Dateien geladen. Error: (07/03/2013 09:27:29 AM) (Source: Microsoft-Windows-LoadPerf) (User: NT AUTHORITY) Description: Unable to read the performance counter strings defined for the 007 language ID. The first DWORD in the Data section contains the Win32 error code. Error: (07/03/2013 09:27:29 AM) (Source: Microsoft-Windows-LoadPerf) (User: NT AUTHORITY) Description: Unable to read the performance counter strings defined for the 007 language ID. The first DWORD in the Data section contains the Win32 error code. Error: (07/03/2013 08:43:16 AM) (Source: Microsoft-Windows-LoadPerf) (User: NT AUTHORITY) Description: Unable to read the performance counter strings defined for the 007 language ID. The first DWORD in the Data section contains the Win32 error code. Error: (07/03/2013 08:43:16 AM) (Source: Microsoft-Windows-LoadPerf) (User: NT AUTHORITY) Description: Unable to read the performance counter strings defined for the 007 language ID. The first DWORD in the Data section contains the Win32 error code. Error: (07/02/2013 08:42:44 AM) (Source: Microsoft-Windows-LoadPerf) (User: NT AUTHORITY) Description: Unable to read the performance counter strings defined for the 007 language ID. The first DWORD in the Data section contains the Win32 error code. Error: (07/02/2013 08:42:44 AM) (Source: Microsoft-Windows-LoadPerf) (User: NT AUTHORITY) Description: Unable to read the performance counter strings defined for the 007 language ID. The first DWORD in the Data section contains the Win32 error code. Error: (06/28/2013 08:42:27 AM) (Source: Microsoft-Windows-LoadPerf) (User: NT AUTHORITY) Description: Unable to read the performance counter strings defined for the 007 language ID. The first DWORD in the Data section contains the Win32 error code. 
Error: (06/28/2013 08:42:27 AM) (Source: Microsoft-Windows-LoadPerf) (User: NT AUTHORITY) Description: Unable to read the performance counter strings defined for the 007 language ID. The first DWORD in the Data section contains the Win32 error code. Error: (06/27/2013 08:53:16 AM) (Source: Microsoft-Windows-LoadPerf) (User: NT AUTHORITY) Description: Unable to read the performance counter strings defined for the 007 language ID. The first DWORD in the Data section contains the Win32 error code. System errors: ============= Error: (07/04/2013 02:51:14 PM) (Source: NetBT) (User: ) Description: A duplicate name has been detected on the TCP network. The IP address of the computer that sent the message is in the data. Use nbtstat -n in a command window to see which name is in the Conflict state. Error: (07/04/2013 02:33:18 PM) (Source: DCOM) (User: ) Description: {4991D34B-80A1-4291-83B6-3328366B9097} Error: (07/04/2013 02:32:48 PM) (Source: Service Control Manager) (User: ) Description: The Background Intelligent Transfer Service service terminated with the following error: %%2 Error: (07/04/2013 02:32:48 PM) (Source: DCOM) (User: ) Description: {03CA98D6-FF5D-49B8-ABC6-03DD84127020} Error: (07/04/2013 02:32:18 PM) (Source: Service Control Manager) (User: ) Description: The Background Intelligent Transfer Service service terminated with the following error: %%2 Error: (07/04/2013 02:32:17 PM) (Source: DCOM) (User: ) Description: {659CDEA7-489E-11D9-A9CD-000D56965251} Error: (07/04/2013 02:31:47 PM) (Source: Service Control Manager) (User: ) Description: The Background Intelligent Transfer Service service terminated with the following error: %%2 Error: (07/04/2013 02:31:37 PM) (Source: WMPNetworkSvc) (User: ) Description: WMPNetworkSvc0x80004005 Error: (07/04/2013 02:29:05 PM) (Source: Service Control Manager) (User: ) Description: The WinHTTP Web Proxy Auto-Discovery Service service depends the following service: Dhcp. This service might not be installed. 
Error: (07/04/2013 02:29:00 PM) (Source: Service Control Manager) (User: ) Description: The following boot-start or system-start driver(s) failed to load: vflt Microsoft Office Sessions: ========================= Error: (06/13/2013 04:24:26 PM) (Source: Microsoft Office 12 Sessions)(User: ) Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 27085 seconds with 2220 seconds of active time. This session ended with a crash. Error: (05/23/2013 01:02:46 PM) (Source: Microsoft Office 12 Sessions)(User: ) Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 14968 seconds with 4380 seconds of active time. This session ended with a crash. Error: (05/17/2013 10:18:36 AM) (Source: Microsoft Office 12 Sessions)(User: ) Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6665.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 5 seconds with 0 seconds of active time. This session ended with a crash. Error: (04/18/2013 11:47:44 AM) (Source: Microsoft Office 12 Sessions)(User: ) Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6665.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 7552 seconds with 180 seconds of active time. This session ended with a crash. Error: (04/09/2013 11:17:56 AM) (Source: Microsoft Office 12 Sessions)(User: ) Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 4615 seconds with 1440 seconds of active time. This session ended with a crash. 
Error: (03/26/2013 00:39:21 PM) (Source: Microsoft Office 12 Sessions)(User: ) Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 9071 seconds with 2640 seconds of active time. This session ended with a crash. Error: (03/25/2013 06:52:40 PM) (Source: Microsoft Office 12 Sessions)(User: ) Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 34329 seconds with 6780 seconds of active time. This session ended with a crash. Error: (03/05/2013 07:48:00 PM) (Source: Microsoft Office 12 Sessions)(User: ) Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6665.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 133 seconds with 0 seconds of active time. This session ended with a crash. Error: (02/21/2013 07:14:30 PM) (Source: Microsoft Office 12 Sessions)(User: ) Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6665.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 8 seconds with 0 seconds of active time. This session ended with a crash. Error: (02/12/2013 01:23:48 PM) (Source: Microsoft Office 12 Sessions)(User: ) Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6665.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 155 seconds with 60 seconds of active time. This session ended with a crash. CodeIntegrity Errors: =================================== Date: 2013-07-04 14:28:30.641 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\vfilter.sys because file hash could not be found on the system. 
A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2013-07-04 14:28:30.110 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\vfilter.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2013-07-04 10:00:20.435 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\vfilter.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2013-07-04 10:00:19.936 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\vfilter.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2013-07-04 09:52:05.485 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\vfilter.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2013-07-04 09:52:04.986 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\vfilter.sys because file hash could not be found on the system. 
A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2013-07-03 09:20:56.433 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\vfilter.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2013-07-03 09:20:55.950 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\vfilter.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2013-07-03 08:35:46.224 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\vfilter.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2013-07-03 08:35:45.693 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\vfilter.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. 
==================== Memory info ===========================
Percentage of memory in use: 59%
Total physical RAM: 3836.87 MB
Available physical RAM: 1560.99 MB
Total Pagefile: 7671.92 MB
Available Pagefile: 5175.84 MB
Total Virtual: 8192 MB
Available Virtual: 8191.8 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:232.88 GB) (Free:65.68 GB) NTFS (Disk=0 Partition=1) ==>[System with boot components (obtained from reading drive)]
Drive x: () (Network) (Total:463.7 GB) (Free:266.09 GB) NTFS
==================== MBR & Partition Table ==================
==================== End Of Log ============================
Edited by chris1309 (05.07.2013 at 11:54) |
05.07.2013, 17:04 | #10 |
/// the machine /// TB trainer | Avira finds Trojan horse TR/Kazy.169263.1 Great, one online scan and we're done. ESET Online Scanner
Please download SecurityCheck and:
and a fresh FRST log, please. Any problems left?
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 No help via PM! |
06.07.2013, 15:47 | #11 |
| Avira finds Trojan horse TR/Kazy.169263.1 Hey, I can't get onto the internet right now. I'm only online via mobile at the moment, so the online scanner is going to be difficult. I had the same problem on Thursday at the office after the system restore. I got it working there, but at home it doesn't work... It may take until Monday before I get back to you! Regards, Chris |
06.07.2013, 17:35 | #12 |
/// the machine /// TB trainer | Avira finds Trojan horse TR/Kazy.169263.1 Browser, or the internet connection in general? If it's Internet Explorer: reset Internet Explorer as follows:
06.07.2013, 22:53 | #13 |
| Avira finds Trojan horse TR/Kazy.169263.1 The internet connection doesn't work in general. I don't know much about this, but I think the assignment of the IP address isn't working. At the office I then entered the IP etc. manually. But at home I don't know which one I have to use... Regards, Chris |
07.07.2013, 06:48 | #14 |
/// the machine /// TB trainer | Avira finds Trojan horse TR/Kazy.169263.1 Normally everything should be set to automatic. Right-click the network connection at the bottom of the taskbar > Network and Sharing Center > double-click the LAN connection > Properties > find IPv4 in the list and double-click it > tick automatic for everything. Then Windows key+R, type
ipconfig /release
ipconfig /renew
ipconfig /flushdns
and press Enter after each line. Reboot. Better?
08.07.2013, 08:06 | #15 |
| Avira finds Trojan horse TR/Kazy.169263.1 Hi, unfortunately that doesn't help either! I've now entered my IP manually again at the office... I'll do the online scan first now... |